CVE-2020-13112: An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This…

critical9.1CVSS 3.1

AVNACLPRNUINSUCHINAH

An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.

Affected

21 ranges

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	libexif	< libexif 0.6.21-9 (bookworm)	libexif 0.6.21-9 (bookworm)
google	android	—	—
libexif_project	libexif	< 0.6.22	0.6.22
libexif_project	libexif	>= 0 < 0.6.21-9	0.6.21-9
libexif_project	libexif	>= 0 < 0.6.21-9	0.6.21-9
libexif_project	libexif	>= 0 < 0.6.21-9	0.6.21-9
libexif_project	libexif	>= 0 < 0.6.21-9	0.6.21-9
libexif_project	libexif	>= 0 < 0.6.21-2ubuntu0.5	0.6.21-2ubuntu0.5
libexif_project	libexif	>= 0 < 0.6.21-4ubuntu0.5	0.6.21-4ubuntu0.5
libexif_project	libexif	>= 0 < 0.6.21-6ubuntu0.3	0.6.21-6ubuntu0.3
libexif_project	libexif	>= 0 < 0.6.21-1ubuntu1+esm5	0.6.21-1ubuntu1+esm5
opensuse	leap	—	—
platform	external_libexif	>= 10:0 < 10:2022-02-01	10:2022-02-01
platform	external_libexif	>= 11:0 < 11:2022-02-01	11:2022-02-01

CVSS provenance

nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

osv5.0MEDIUM