CVE-2016-6328
published 2018-10-31CVE-2016-6328: A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and…
high8.1CVSS 3.1
AVNACLPRNUIRSUCHINAH
A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | libexif | < libexif 0.6.21-2.1 (bookworm) | libexif 0.6.21-2.1 (bookworm) |
| android | — | — | |
| libexif_project | libexif | < 0.6.22 | 0.6.22 |
| libexif_project | libexif | >= 0 < 0.6.21-2.1 | 0.6.21-2.1 |
| libexif_project | libexif | >= 0 < 0.6.21-2.1 | 0.6.21-2.1 |
| libexif_project | libexif | >= 0 < 0.6.21-2.1 | 0.6.21-2.1 |
| libexif_project | libexif | >= 0 < 0.6.21-2.1 | 0.6.21-2.1 |
| libexif_project | libexif | >= 0 < 0.6.21-2ubuntu0.1 | 0.6.21-2ubuntu0.1 |
| libexif_project | libexif | >= 0 < 0.6.21-4ubuntu0.1 | 0.6.21-4ubuntu0.1 |
| libexif_project | libexif | >= 0 < 0.6.21-1ubuntu1+esm1 | 0.6.21-1ubuntu1+esm1 |
| platform | external_libexif | >= 10:0 < 10:2021-01-01 | 10:2021-01-01 |
| platform | external_libexif | >= 11:0 < 11:2021-01-01 | 11:2021-01-01 |
| platform | external_libexif | >= 8.0:0 < 8.0:2021-01-01 | 8.0:2021-01-01 |
| platform | external_libexif | >= 8.1:0 < 8.1:2021-01-01 | 8.1:2021-01-01 |
| platform | external_libexif | >= 9:0 < 9:2021-01-01 | 9:2021-01-01 |
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
osv8.1HIGH