An update for libexif is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP4, openEuler-22.03-LTS, openEuler-22.03-LTS-SP1, openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2024-1078
Final
1.0
1.0
2024-01-19
Initial
2024-01-19
2024-01-19
openEuler SA Tool V1.0
2024-01-19
libexif security update
An update for libexif is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP4, openEuler-22.03-LTS, openEuler-22.03-LTS-SP1, openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3.
Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags.
Security Fix(es):
In exif_entry_get_value of exif-entry.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution if a third-party app used this library to process remote image data, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0. Android ID: A-159625731 (CVE-2020-0452)
An update for libexif is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP4, openEuler-22.03-LTS, openEuler-22.03-LTS-SP1, openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Critical
libexif
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1078
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-0452
https://nvd.nist.gov/vuln/detail/CVE-2020-0452
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP4
openEuler-22.03-LTS
openEuler-22.03-LTS-SP1
openEuler-22.03-LTS-SP2
openEuler-22.03-LTS-SP3
libexif-debuginfo-0.6.21-26.oe1.aarch64.rpm
libexif-debugsource-0.6.21-26.oe1.aarch64.rpm
libexif-devel-0.6.21-26.oe1.aarch64.rpm
libexif-0.6.21-26.oe1.aarch64.rpm
libexif-devel-0.6.21-26.oe2003sp4.aarch64.rpm
libexif-0.6.21-26.oe2003sp4.aarch64.rpm
libexif-debugsource-0.6.21-26.oe2003sp4.aarch64.rpm
libexif-debuginfo-0.6.21-26.oe2003sp4.aarch64.rpm
libexif-devel-0.6.22-5.oe2203.aarch64.rpm
libexif-0.6.22-5.oe2203.aarch64.rpm
libexif-debugsource-0.6.22-5.oe2203.aarch64.rpm
libexif-debuginfo-0.6.22-5.oe2203.aarch64.rpm
libexif-debugsource-0.6.22-5.oe2203sp1.aarch64.rpm
libexif-0.6.22-5.oe2203sp1.aarch64.rpm
libexif-devel-0.6.22-5.oe2203sp1.aarch64.rpm
libexif-debuginfo-0.6.22-5.oe2203sp1.aarch64.rpm
libexif-devel-0.6.22-5.oe2203sp2.aarch64.rpm
libexif-0.6.22-5.oe2203sp2.aarch64.rpm
libexif-debugsource-0.6.22-5.oe2203sp2.aarch64.rpm
libexif-debuginfo-0.6.22-5.oe2203sp2.aarch64.rpm
libexif-0.6.22-5.oe2203sp3.aarch64.rpm
libexif-devel-0.6.22-5.oe2203sp3.aarch64.rpm
libexif-debuginfo-0.6.22-5.oe2203sp3.aarch64.rpm
libexif-debugsource-0.6.22-5.oe2203sp3.aarch64.rpm
libexif-help-0.6.21-26.oe1.noarch.rpm
libexif-help-0.6.21-26.oe2003sp4.noarch.rpm
libexif-help-0.6.22-5.oe2203.noarch.rpm
libexif-help-0.6.22-5.oe2203sp1.noarch.rpm
libexif-help-0.6.22-5.oe2203sp2.noarch.rpm
libexif-help-0.6.22-5.oe2203sp3.noarch.rpm
libexif-0.6.21-26.oe1.src.rpm
libexif-0.6.21-26.oe2003sp4.src.rpm
libexif-0.6.22-5.oe2203.src.rpm
libexif-0.6.22-5.oe2203sp1.src.rpm
libexif-0.6.22-5.oe2203sp2.src.rpm
libexif-0.6.22-5.oe2203sp3.src.rpm
libexif-devel-0.6.21-26.oe1.x86_64.rpm
libexif-0.6.21-26.oe1.x86_64.rpm
libexif-debugsource-0.6.21-26.oe1.x86_64.rpm
libexif-debuginfo-0.6.21-26.oe1.x86_64.rpm
libexif-devel-0.6.21-26.oe2003sp4.x86_64.rpm
libexif-debugsource-0.6.21-26.oe2003sp4.x86_64.rpm
libexif-0.6.21-26.oe2003sp4.x86_64.rpm
libexif-debuginfo-0.6.21-26.oe2003sp4.x86_64.rpm
libexif-debugsource-0.6.22-5.oe2203.x86_64.rpm
libexif-devel-0.6.22-5.oe2203.x86_64.rpm
libexif-0.6.22-5.oe2203.x86_64.rpm
libexif-debuginfo-0.6.22-5.oe2203.x86_64.rpm
libexif-debuginfo-0.6.22-5.oe2203sp1.x86_64.rpm
libexif-0.6.22-5.oe2203sp1.x86_64.rpm
libexif-debugsource-0.6.22-5.oe2203sp1.x86_64.rpm
libexif-devel-0.6.22-5.oe2203sp1.x86_64.rpm
libexif-debugsource-0.6.22-5.oe2203sp2.x86_64.rpm
libexif-0.6.22-5.oe2203sp2.x86_64.rpm
libexif-debuginfo-0.6.22-5.oe2203sp2.x86_64.rpm
libexif-devel-0.6.22-5.oe2203sp2.x86_64.rpm
libexif-0.6.22-5.oe2203sp3.x86_64.rpm
libexif-devel-0.6.22-5.oe2203sp3.x86_64.rpm
libexif-debugsource-0.6.22-5.oe2203sp3.x86_64.rpm
libexif-debuginfo-0.6.22-5.oe2203sp3.x86_64.rpm
In exif_entry_get_value of exif-entry.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution if a third-party app used this library to process remote image data, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0. Android ID: A-159625731
2024-01-19
CVE-2020-0452
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP4
openEuler-22.03-LTS
openEuler-22.03-LTS-SP1
openEuler-22.03-LTS-SP2
openEuler-22.03-LTS-SP3
Critical
9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
libexif security update
2024-01-19
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1078