Headline
CVE-2020-13113: Ensure the MakerNote data pointers are initialized with NULL. · libexif/libexif@ec412aa
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.
Permalink
Browse files
Ensure the MakerNote data pointers are initialized with NULL.
This ensures that an uninitialized pointer isn’t dereferenced later in the case where the number of components (and therefore size) is 0.
This fixes the second issue reported at https://sourceforge.net/p/libexif/bugs/125/
CVE-2020-13113
- Loading branch information
Showing with 4 additions and 0 deletions.
- +1 −0 libexif/canon/exif-mnote-data-canon.c
- +1 −0 libexif/fuji/exif-mnote-data-fuji.c
- +1 −0 libexif/olympus/exif-mnote-data-olympus.c
- +1 −0 libexif/pentax/exif-mnote-data-pentax.c