SB2020030102 - OpenSUSE Linux update for libexif

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020030102

SB2020030102 - OpenSUSE Linux update for libexif

Published: March 1, 2020

Security Bulletin ID SB2020030102
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

High 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Uncontrolled Recursion (CVE-ID: CVE-2018-20030)

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to recursion issue when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif. A remote attacker can pass specially crafted data to the application and exhaust all available CPU resources.


2) Integer overflow (CVE-ID: CVE-2019-9278)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install update from vendor's website.

References