8.2

CVE-2020-13113

An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Libexif ProjectLibexif Version < 0.6.22
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.10
CanonicalUbuntu Linux Version20.04 SwEditionlts
OpensuseLeap Version15.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.89% 0.768
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.2 3.9 4.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:N/A:P
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/202007-05
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/4396-1/
Third Party Advisory
https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f
Patch
Third Party Advisory