Libexif Libexifproject Libexif

stack.watch can notify you when security vulnerabilities are reported in Libexifproject Libexif. You can add multiple products that you use with Libexif to create your own personal software stack watcher.

By the Year

In 2020 there have been 4 vulnerabilities in Libexifproject Libexif with an average score of 7.6 out of ten. Last year Libexif had 1 security vulnerability published. That is, 3 more vulnerabilities have already been reported in 2020 as compared to last year. However, the average CVE base score of the vulnerabilities in 2020 is greater by 0.08.

Year Vulnerabilities Average Score
2020 4 7.58
2019 1 7.50
2018 1 8.10

It may take a day or so for new Libexif vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Libexifproject Libexif Security Vulnerabilities

An issue was discovered in libexif before 0.6.22

CVE-2020-13113 8.2 - High - May 21, 2020

An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.

Dangling pointer

An issue was discovered in libexif before 0.6.22

CVE-2020-13112 9.1 - Critical - May 21, 2020

An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.

Out-of-bounds Read

An issue was discovered in libexif before 0.6.22

CVE-2020-13114 7.5 - High - May 21, 2020

An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.

Uncontrolled Resource Consumption ('Resource Exhaustion')

exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.

CVE-2020-12767 5.5 - Medium - May 09, 2020

exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.

Divide By Zero

An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21

CVE-2018-20030 7.5 - High - February 20, 2019

An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.

Uncontrolled Resource Consumption ('Resource Exhaustion')

A vulnerability was found in libexif

CVE-2016-6328 8.1 - High - October 31, 2018

A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).

Integer Overflow or Wraparound

libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry

CVE-2017-7544 9.1 - Critical - September 21, 2017

libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.

Out-of-bounds Read