VDB

MAGEIA-2018-51

MAGEIA-2018-51 PUBLISHED

A vulnerability was found in libexif. The vulnerability is caused by an integer overflow. In some cases, the integer overflow can cause Heap Out-of-Bounds Read, i.e. Heap Buffer Overflow vulnerability. In some other cases, the integer overflow can cause use of uninitialized pointer variable, i.e. Use of Uninitialized Variable Vulnerability. The vulnerability happens when parsing MNOTE entry data of the input file. The vulnerability can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications’ private data) (CVE-2016-6328).

Affected Products

VendorProductVersions
Mageialibexif0.6.21-9.1.mga6, 0
Mageialibexif0, 0.6.21-8.1.mga5

Timeline

  • Jan 3, 2018 CVE Updated
  • Jan 3, 2018 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›