Vulnerability Details CVE-2020-13114
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
- https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab
- https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html
- https://security.gentoo.org/glsa/202007-05
- https://usn.ubuntu.com/4396-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
- https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab
- https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html
- https://security.gentoo.org/glsa/202007-05
- https://usn.ubuntu.com/4396-1/
Products affected by CVE-2020-13114
-
cpe:2.3:a:libexif_project:libexif:-
-
cpe:2.3:a:libexif_project:libexif:0.5.7
-
cpe:2.3:a:libexif_project:libexif:0.5.9
-
cpe:2.3:a:libexif_project:libexif:0.6.0
-
cpe:2.3:a:libexif_project:libexif:0.6.12
-
cpe:2.3:a:libexif_project:libexif:0.6.14
-
cpe:2.3:a:libexif_project:libexif:0.6.15
-
cpe:2.3:a:libexif_project:libexif:0.6.16
-
cpe:2.3:a:libexif_project:libexif:0.6.17
-
cpe:2.3:a:libexif_project:libexif:0.6.18
-
cpe:2.3:a:libexif_project:libexif:0.6.19
-
cpe:2.3:a:libexif_project:libexif:0.6.20
-
cpe:2.3:a:libexif_project:libexif:0.6.21
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:19.10
-
cpe:2.3:o:canonical:ubuntu_linux:20.04
-
cpe:2.3:o:opensuse:leap:15.1