CVE-2020-13112

Published: 21/05/2020 Updated: 28/05/2020
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

An issue exists in libexif prior to 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.

Affected Products

Vendor: Libexif Project | Product: Libexif | Versions: -, 0.5.7, 0.5.9, 0.6.0, 0.6.12, 0.6.14, 0.6.15, 0.6.16, 0.6.17, 0.6.18, 0.6.19, 0.6.20, 0.6.21

Vendor Advisories

Debian Bug report logs - #961407
libexif: CVE-2020-13112
Package: src:libexif; Maintainer for src:libexif is Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 24 May 2020 09:33:01 UTC
Severity: important
Tags: pending, securi ...

Severity: Unknown | Remote: Unknown | Type: Unknown | Description:
AVG-1166 libexif 0.6.21-1 0.6.22-1 Unknown Vulnerable ...