CVE-2020-13113 — Use of Uninitialized Resource in Project Libexif

CWE-908 — Use of Uninitialized Resource CWE-416 — Use After Free CWE-456 — Missing Initialization of a Variable CWE-822 — Untrusted Pointer Dereference12 documents9 sources

Severity

8.2HIGHNVD

OSV5.0

EPSS

0.7%

top 28.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libexif Project Libexif Canonical Ubuntu Linux Debian Linux +1 more

Timeline

PublishedMay 21

Latest updateMay 24

Description

An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages4 packages

▶NVDlibexif_project/libexif< 0.6.22

▶Debianlibexif_project/libexif< 0.6.21-9+3

▶Ubuntulibexif_project/libexif< 0.6.21-2ubuntu0.5+3

▶NVDopensuse/leap15.1

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.10, 20.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-v6jx-w33p-924c: An issue was discovered in libexif before 0↗2022-05-24

▶

OSV

libexif vulnerabilities↗2020-06-16

▶

OSV

CVE-2020-13113: An issue was discovered in libexif before 0↗2020-05-21

▶

CVEList

CVE-2020-13113: An issue was discovered in libexif before 0↗2020-05-21

▶

📋Vendor Advisories

Android

CVE-2020-13113: Android Security Bulletin 2022-02-01 CVE: CVE-2020-13113 Severity: HIGH Type: EoP Affected AOSP versions: 10, 11 References: A-196085005*↗2022-02-01

▶

Ubuntu

libexif vulnerabilities↗2020-06-16

▶

Red Hat

libexif: use of uninitialized memory in EXIF Makernote handling can lead to crashes and use-after-free↗2020-05-16

▶

Debian

CVE-2020-13113: libexif - An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in...↗2020

▶

💬Community

Bugzilla

CVE-2020-13113 libexif: use of uninitialized memory in EXIF Makernote handling can lead to crashes and use-after-free↗2020-05-26

▶

Bugzilla

CVE-2020-13113 libexif: use of uninitialized memory in EXIF Makernote handling can lead to crashes and use-after-free [fedora-all]↗2020-05-26

▶

Bugzilla

CVE-2019-13113 exiv2: invalid data location in CRW image file causing denial of service↗2019-07-10

▶