CVE-2017-7544
published 2017-09-21CVE-2017-7544: libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper…
critical9.1CVSS 3.0
AVNACLPRNUINSUCHINAH
libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libexif | < libexif 0.6.21-2.1 (bookworm) | libexif 0.6.21-2.1 (bookworm) |
| libexif_project | libexif | <= 0.6.21 | — |
| libexif_project | libexif | >= 0 < 0.6.21-2.1 | 0.6.21-2.1 |
| libexif_project | libexif | >= 0 < 0.6.21-2.1 | 0.6.21-2.1 |
| libexif_project | libexif | >= 0 < 0.6.21-2.1 | 0.6.21-2.1 |
| libexif_project | libexif | >= 0 < 0.6.21-2.1 | 0.6.21-2.1 |
| libexif_project | libexif | >= 0 < 0.6.21-2ubuntu0.1 | 0.6.21-2ubuntu0.1 |
| libexif_project | libexif | >= 0 < 0.6.21-4ubuntu0.1 | 0.6.21-4ubuntu0.1 |
| libexif_project | libexif | >= 0 < 0.6.21-1ubuntu1+esm1 | 0.6.21-1ubuntu1+esm1 |
| red_hat_inc | libexif | — | — |
CVSS provenance
nvdv3.09.1CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
osv9.1CRITICAL