Vulnerability Details CVE-2016-6328
A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 5.8
References
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6328
- https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html
- https://security.gentoo.org/glsa/202007-05
- https://usn.ubuntu.com/4277-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6328
- https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html
- https://security.gentoo.org/glsa/202007-05
- https://usn.ubuntu.com/4277-1/
Products affected by CVE-2016-6328
-
cpe:2.3:a:libexif_project:libexif:-
-
cpe:2.3:a:libexif_project:libexif:0.5.7
-
cpe:2.3:a:libexif_project:libexif:0.5.9
-
cpe:2.3:a:libexif_project:libexif:0.6.0
-
cpe:2.3:a:libexif_project:libexif:0.6.12
-
cpe:2.3:a:libexif_project:libexif:0.6.14
-
cpe:2.3:a:libexif_project:libexif:0.6.15
-
cpe:2.3:a:libexif_project:libexif:0.6.16
-
cpe:2.3:a:libexif_project:libexif:0.6.17
-
cpe:2.3:a:libexif_project:libexif:0.6.18
-
cpe:2.3:a:libexif_project:libexif:0.6.19
-
cpe:2.3:a:libexif_project:libexif:0.6.20
-
cpe:2.3:a:libexif_project:libexif:0.6.21
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:19.10
-
cpe:2.3:o:debian:debian_linux:8.0