CVE-2020-13114: Allocation of Resources Without Limits or Throttling in Project Libexif

Severity: 7.5 HIGH (NVD); OSV 5.0
EPSS: 0.8% (top 26.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 21; Latest update May 24

Description

An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

Debian: libexif_project/libexif < 0.6.21-9+3
Ubuntu: libexif_project/libexif < 0.6.21-2ubuntu0.5+3
NVD: opensuse/leap 15.1

Also affects: Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.10, 20.04

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-mpfc-53hr-w2mg: An issue was discovered in libexif before 0 (2022-05-24)
OSV: libexif vulnerabilities (2020-06-16)
OSV: CVE-2020-13114: An issue was discovered in libexif before 0 (2020-05-21)
CVEList: CVE-2020-13114: An issue was discovered in libexif before 0 (2020-05-21)

📋 Vendor Advisories (3)

Ubuntu: libexif vulnerabilities (2020-06-16)
Red Hat: libexif: unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time (2020-05-16)
Debian: CVE-2020-13114: libexif - An issue was discovered in libexif before 0.6.22. An unrestricted size in handli... (2020)

💬 Community (2)

Bugzilla: CVE-2020-13114 libexif: unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time for decoding EXIF data [fedora-all] (2020-05-26)
Bugzilla: CVE-2020-13114 libexif: unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time (2020-05-26)
CVE-2020-13114 — Libexif Project Libexif vulnerability | cvebase