Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-13112: Fix MakerNote tag size overflow issues at read time. · libexif/libexif@435e21f

An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.

CVE

Permalink

Browse files

Fix MakerNote tag size overflow issues at read time.

Check for a size overflow while reading tags, which ensures that the size is always consistent for the given components and type of the entry, making checking further down superfluous.

This provides an alternate fix for https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 and for all the MakerNote types. Likely, this makes both commits 41bd042 and 89e5b1c redundant as it ensures that MakerNote entries are well-formed when they’re populated.

Some improvements on top by Marcus Meissner [email protected]

CVE-2020-13112

  • Loading branch information

Related news

CVE-2021-40052: March

There is an incorrect buffer size calculation vulnerability in the video framework.Successful exploitation of this vulnerability may affect availability.

CVE-2021-39658: Android Security Bulletin—February 2022  |  Android Open Source Project

ismsEx service is a vendor service in unisoc equipment?ismsEx service is an extension of sms system service?but it does not check the permissions of the caller?resulting in permission leaks?Third-party apps can use this service to arbitrarily modify and set system properties?Product: AndroidVersions: Android SoCAndroid ID: A-207479207

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907