Vulnerability Details CVE-2020-13112
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.4%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
- https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1
- https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html
- https://security.gentoo.org/glsa/202007-05
- https://usn.ubuntu.com/4396-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
- https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1
- https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html
- https://security.gentoo.org/glsa/202007-05
- https://usn.ubuntu.com/4396-1/
Products affected by CVE-2020-13112
-
cpe:2.3:a:libexif_project:libexif:-
-
cpe:2.3:a:libexif_project:libexif:0.5.7
-
cpe:2.3:a:libexif_project:libexif:0.5.9
-
cpe:2.3:a:libexif_project:libexif:0.6.0
-
cpe:2.3:a:libexif_project:libexif:0.6.12
-
cpe:2.3:a:libexif_project:libexif:0.6.14
-
cpe:2.3:a:libexif_project:libexif:0.6.15
-
cpe:2.3:a:libexif_project:libexif:0.6.16
-
cpe:2.3:a:libexif_project:libexif:0.6.17
-
cpe:2.3:a:libexif_project:libexif:0.6.18
-
cpe:2.3:a:libexif_project:libexif:0.6.19
-
cpe:2.3:a:libexif_project:libexif:0.6.20
-
cpe:2.3:a:libexif_project:libexif:0.6.21
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:19.10
-
cpe:2.3:o:canonical:ubuntu_linux:20.04
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:opensuse:leap:15.1