CVE-2017-7544 — Out-of-bounds Read in Project Libexif

CWE-125 — Out-of-bounds Read10 documents8 sources

Severity

9.1CRITICALNVD

OSV8.1

EPSS

0.5%

top 33.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libexif Project Libexif RED HAT INC Libexif

Timeline

PublishedSep 21

Latest updateMay 13

Description

libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages4 packages

▶Debianlibexif_project/libexif< 0.6.21-2.1+3

▶Ubuntulibexif_project/libexif< 0.6.21-2ubuntu0.1+2

▶NVDlibexif_project/libexif0.6.21

▶CVEListV5red_hat_inc/libexifthrough 0.6.21

🔴Vulnerability Details

GHSA

GHSA-552w-mcq2-q5xm: libexif through 0↗2022-05-13

▶

OSV

libexif vulnerabilities↗2020-02-11

▶

OSV

CVE-2017-7544: libexif through 0↗2017-09-21

▶

CVEList

CVE-2017-7544: libexif through 0↗2017-09-21

▶

📋Vendor Advisories

Ubuntu

libexif vulnerabilities↗2020-02-11

▶

Red Hat

libexif: Out-of-bounds heap read in exif_data_save_data_entry function↗2017-07-04

▶

Debian

CVE-2017-7544: libexif - libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in...↗2017

▶

💬Community

Bugzilla

CVE-2017-7544 libexif: Out-of-bounds heap read in exif_data_save_data_entry function↗2017-09-21

▶

Bugzilla

CVE-2017-7544 libexif: Out-of-bounds heap read in exif_data_save_data_entry function [fedora-all]↗2017-09-21

▶