CVE-2016-6328Integer Overflow or Wraparound in External Libexif

CWE-190Integer Overflow or Wraparound12 documents9 sources
Severity
8.1HIGHNVD
EPSS
0.7%
top 28.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Platform External LibexifLibexif Project LibexifCanonical Ubuntu Linux+1 more
Timeline
PublishedOct 31
Latest updateMay 13

Description

A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages4 packages

Androidplatform/external_libexif8.0:08.0:2021-01-01+4
Debianlibexif_project/libexif< 0.6.21-2.1+3
Ubuntulibexif_project/libexif< 0.6.21-2ubuntu0.1+2

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.10

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

5
GHSA
GHSA-j9j6-4w7r-rwcc: A vulnerability was found in libexif2022-05-13
OSV
CVE-2016-6328: In mnote_pentax_entry_get_value of mnote-pentax-entry2021-01-01
OSV
libexif vulnerabilities2020-02-11
OSV
CVE-2016-6328: A vulnerability was found in libexif2018-10-31
CVEList
CVE-2016-6328: A vulnerability was found in libexif2018-10-31

📋Vendor Advisories

4
Android
CVE-2016-6328: Android Security Bulletin 2021-01-01 CVE: CVE-2016-6328 Severity: HIGH Type: RCE Affected AOSP versions: 82021-01-01
Ubuntu
libexif vulnerabilities2020-02-11
Red Hat
libexif: Integer overflow in parsing MNOTE entry data of the input file2017-07-25
Debian
CVE-2016-6328: libexif - A vulnerability was found in libexif. An integer overflow when parsing the MNOTE...2016

💬Community

2
Bugzilla
CVE-2016-6328 libexif: Integer overflow in parsing MNOTE entry data of the input file [fedora-all]2017-08-22
Bugzilla
CVE-2016-6328 libexif: Integer overflow in parsing MNOTE entry data of the input file2016-08-11
CVE-2016-6328 — Integer Overflow or Wraparound | cvebase