Vulnerabilities > CVE-2019-9278 - Integer Overflow or Wraparound vulnerability in multiple products

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH

Summary

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2020-140-02.NASL
    descriptionNew libexif packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-05-31
    modified2020-05-20
    plugin id136729
    published2020-05-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136729
    titleSlackware 14.0 / 14.1 / 14.2 / current : libexif (SSA:2020-140-02)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2020-140-02. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(136729);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/26");
    
      script_cve_id("CVE-2016-6328", "CVE-2017-7544", "CVE-2018-20030", "CVE-2019-9278", "CVE-2020-0093", "CVE-2020-12767", "CVE-2020-13112", "CVE-2020-13113", "CVE-2020-13114");
      script_xref(name:"SSA", value:"2020-140-02");
    
      script_name(english:"Slackware 14.0 / 14.1 / 14.2 / current : libexif (SSA:2020-140-02)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "New libexif packages are available for Slackware 14.0, 14.1, 14.2,
    and -current to fix security issues."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.499815
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?142d0c0f"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected libexif package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9278");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:libexif");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"14.0", pkgname:"libexif", pkgver:"0.6.22", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++;
    if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"libexif", pkgver:"0.6.22", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++;
    
    if (slackware_check(osver:"14.1", pkgname:"libexif", pkgver:"0.6.22", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++;
    if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"libexif", pkgver:"0.6.22", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++;
    
    if (slackware_check(osver:"14.2", pkgname:"libexif", pkgver:"0.6.22", pkgarch:"i486", pkgnum:"1_slack14.2")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"libexif", pkgver:"0.6.22", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"libexif", pkgver:"0.6.22", pkgarch:"i586", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"libexif", pkgver:"0.6.22", pkgarch:"x86_64", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-793.NASL
    descriptionThis update for libexif to 0.6.22 fixes the following issues : Security issues fixed : - CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). - CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). - CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). - CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105). - CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116). Non-security issues fixed : - libexif was updated to version 0.6.22 : - New translations: ms - Updated translations for most languages - Some useful EXIF 2.3 tag added : - EXIF_TAG_GAMMA - EXIF_TAG_COMPOSITE_IMAGE - EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE - EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE - EXIF_TAG_GPS_H_POSITIONING_ERROR - EXIF_TAG_CAMERA_OWNER_NAME - EXIF_TAG_BODY_SERIAL_NUMBER - EXIF_TAG_LENS_SPECIFICATION - EXIF_TAG_LENS_MAKE - EXIF_TAG_LENS_MODEL - EXIF_TAG_LENS_SERIAL_NUMBER This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-13
    modified2020-06-12
    plugin id137392
    published2020-06-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137392
    titleopenSUSE Security Update : libexif (openSUSE-2020-793)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2020-793.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(137392);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/18");
    
      script_cve_id("CVE-2016-6328", "CVE-2017-7544", "CVE-2018-20030", "CVE-2019-9278", "CVE-2020-0093", "CVE-2020-12767", "CVE-2020-13112", "CVE-2020-13113", "CVE-2020-13114");
    
      script_name(english:"openSUSE Security Update : libexif (openSUSE-2020-793)");
      script_summary(english:"Check for the openSUSE-2020-793 patch");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for libexif to 0.6.22 fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2016-6328: Fixed an integer overflow in parsing
        MNOTE entry data of the input file (bsc#1055857).
    
      - CVE-2017-7544: Fixed an out-of-bounds heap read
        vulnerability in exif_data_save_data_entry function in
        libexif/exif-data.c (bsc#1059893).
    
      - CVE-2018-20030: Fixed a denial of service by endless
        recursion (bsc#1120943).
    
      - CVE-2019-9278: Fixed an integer overflow (bsc#1160770).
    
      - CVE-2020-0093: Fixed an out-of-bounds read in
        exif_data_save_data_entry (bsc#1171847).
    
      - CVE-2020-12767: Fixed a divide-by-zero error in
        exif_entry_get_value (bsc#1171475).
    
      - CVE-2020-13112: Fixed a time consumption DoS when
        parsing canon array markers (bsc#1172121).
    
      - CVE-2020-13113: Fixed a potential use of uninitialized
        memory (bsc#1172105).
    
      - CVE-2020-13114: Fixed various buffer overread fixes due
        to integer overflows in maker notes (bsc#1172116).
    
    Non-security issues fixed :
    
      - libexif was updated to version 0.6.22 :
    
      - New translations: ms
    
      - Updated translations for most languages
    
      - Some useful EXIF 2.3 tag added :
    
      - EXIF_TAG_GAMMA
    
      - EXIF_TAG_COMPOSITE_IMAGE
    
      - EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE
    
      - EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE
    
      - EXIF_TAG_GPS_H_POSITIONING_ERROR
    
      - EXIF_TAG_CAMERA_OWNER_NAME
    
      - EXIF_TAG_BODY_SERIAL_NUMBER
    
      - EXIF_TAG_LENS_SPECIFICATION
    
      - EXIF_TAG_LENS_MAKE
    
      - EXIF_TAG_LENS_MODEL
    
      - EXIF_TAG_LENS_SERIAL_NUMBER
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055857"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1059893"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120943"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1160770"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1171475"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1171847"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1172105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1172116"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1172121"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected libexif packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9278");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libexif-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libexif-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libexif-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libexif12");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libexif12-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libexif12-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libexif12-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/06/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.1", reference:"libexif-debugsource-0.6.22-lp151.4.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libexif-devel-0.6.22-lp151.4.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libexif12-0.6.22-lp151.4.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libexif12-debuginfo-0.6.22-lp151.4.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libexif-devel-32bit-0.6.22-lp151.4.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libexif12-32bit-0.6.22-lp151.4.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libexif12-32bit-debuginfo-0.6.22-lp151.4.6.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libexif-debugsource / libexif-devel / libexif12 / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4277-1.NASL
    descriptionLiu Bingchang discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2016-6328) Lili Xu and Bingchang Liu discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2017-7544) It was discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-9278). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133649
    published2020-02-12
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133649
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.10 : libexif vulnerabilities (USN-4277-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0458-1.NASL
    descriptionThis update for libexif fixes the following issues : CVE-2019-9278: Fixed an integer overflow (bsc#1160770). CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-02-26
    plugin id134078
    published2020-02-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134078
    titleSUSE SLED15 / SLES15 Security Update : libexif (SUSE-SU-2020:0458-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_00F30CBA4D2311EA86BA641C67A117D8.NASL
    descriptionMitre reports : In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation.
    last seen2020-06-01
    modified2020-06-02
    plugin id133629
    published2020-02-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133629
    titleFreeBSD : libexif -- privilege escalation (00f30cba-4d23-11ea-86ba-641c67a117d8)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2100.NASL
    descriptionan out-of-bounds write vulnerability due to an integer overflow was reported in libexif, a library to parse exif files. This flaw might be leveraged by remote attackers to cause denial of service, or potentially execute arbitrary code via crafted image files. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id133655
    published2020-02-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133655
    titleDebian DLA-2100-1 : libexif security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-264.NASL
    descriptionThis update for libexif fixes the following issues : - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-03-18
    modified2020-03-02
    plugin id134194
    published2020-03-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134194
    titleopenSUSE Security Update : libexif (openSUSE-2020-264)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4618.NASL
    descriptionAn out-of-bounds write vulnerability due to an integer overflow was reported in libexif, a library to parse EXIF files, which could result in denial of service, or potentially the execution of arbitrary code if specially crafted image files are processed.
    last seen2020-06-01
    modified2020-06-02
    plugin id133533
    published2020-02-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133533
    titleDebian DSA-4618-1 : libexif - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0457-1.NASL
    descriptionThis update for libexif fixes the following issues : CVE-2019-9278: Fixed an integer overflow (bsc#1160770). CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-02-26
    plugin id134077
    published2020-02-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134077
    titleSUSE SLED12 / SLES12 Security Update : libexif (SUSE-SU-2020:0457-1)

References