Vulnerabilities > CVE-2020-0093 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 5.0 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE

Summary

In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2020-140-02.NASL
    descriptionNew libexif packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-05-31
    modified2020-05-20
    plugin id136729
    published2020-05-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136729
    titleSlackware 14.0 / 14.1 / 14.2 / current : libexif (SSA:2020-140-02)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2020-140-02. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(136729);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/26");
    
      script_cve_id("CVE-2016-6328", "CVE-2017-7544", "CVE-2018-20030", "CVE-2019-9278", "CVE-2020-0093", "CVE-2020-12767", "CVE-2020-13112", "CVE-2020-13113", "CVE-2020-13114");
      script_xref(name:"SSA", value:"2020-140-02");
    
      script_name(english:"Slackware 14.0 / 14.1 / 14.2 / current : libexif (SSA:2020-140-02)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "New libexif packages are available for Slackware 14.0, 14.1, 14.2,
    and -current to fix security issues."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.499815
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?142d0c0f"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected libexif package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9278");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:libexif");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"14.0", pkgname:"libexif", pkgver:"0.6.22", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++;
    if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"libexif", pkgver:"0.6.22", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++;
    
    if (slackware_check(osver:"14.1", pkgname:"libexif", pkgver:"0.6.22", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++;
    if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"libexif", pkgver:"0.6.22", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++;
    
    if (slackware_check(osver:"14.2", pkgname:"libexif", pkgver:"0.6.22", pkgarch:"i486", pkgnum:"1_slack14.2")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"libexif", pkgver:"0.6.22", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"libexif", pkgver:"0.6.22", pkgarch:"i586", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"libexif", pkgver:"0.6.22", pkgarch:"x86_64", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-793.NASL
    descriptionThis update for libexif to 0.6.22 fixes the following issues : Security issues fixed : - CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). - CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). - CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). - CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105). - CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116). Non-security issues fixed : - libexif was updated to version 0.6.22 : - New translations: ms - Updated translations for most languages - Some useful EXIF 2.3 tag added : - EXIF_TAG_GAMMA - EXIF_TAG_COMPOSITE_IMAGE - EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE - EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE - EXIF_TAG_GPS_H_POSITIONING_ERROR - EXIF_TAG_CAMERA_OWNER_NAME - EXIF_TAG_BODY_SERIAL_NUMBER - EXIF_TAG_LENS_SPECIFICATION - EXIF_TAG_LENS_MAKE - EXIF_TAG_LENS_MODEL - EXIF_TAG_LENS_SERIAL_NUMBER This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-13
    modified2020-06-12
    plugin id137392
    published2020-06-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137392
    titleopenSUSE Security Update : libexif (openSUSE-2020-793)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2020-793.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(137392);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/18");
    
      script_cve_id("CVE-2016-6328", "CVE-2017-7544", "CVE-2018-20030", "CVE-2019-9278", "CVE-2020-0093", "CVE-2020-12767", "CVE-2020-13112", "CVE-2020-13113", "CVE-2020-13114");
    
      script_name(english:"openSUSE Security Update : libexif (openSUSE-2020-793)");
      script_summary(english:"Check for the openSUSE-2020-793 patch");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for libexif to 0.6.22 fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2016-6328: Fixed an integer overflow in parsing
        MNOTE entry data of the input file (bsc#1055857).
    
      - CVE-2017-7544: Fixed an out-of-bounds heap read
        vulnerability in exif_data_save_data_entry function in
        libexif/exif-data.c (bsc#1059893).
    
      - CVE-2018-20030: Fixed a denial of service by endless
        recursion (bsc#1120943).
    
      - CVE-2019-9278: Fixed an integer overflow (bsc#1160770).
    
      - CVE-2020-0093: Fixed an out-of-bounds read in
        exif_data_save_data_entry (bsc#1171847).
    
      - CVE-2020-12767: Fixed a divide-by-zero error in
        exif_entry_get_value (bsc#1171475).
    
      - CVE-2020-13112: Fixed a time consumption DoS when
        parsing canon array markers (bsc#1172121).
    
      - CVE-2020-13113: Fixed a potential use of uninitialized
        memory (bsc#1172105).
    
      - CVE-2020-13114: Fixed various buffer overread fixes due
        to integer overflows in maker notes (bsc#1172116).
    
    Non-security issues fixed :
    
      - libexif was updated to version 0.6.22 :
    
      - New translations: ms
    
      - Updated translations for most languages
    
      - Some useful EXIF 2.3 tag added :
    
      - EXIF_TAG_GAMMA
    
      - EXIF_TAG_COMPOSITE_IMAGE
    
      - EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE
    
      - EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE
    
      - EXIF_TAG_GPS_H_POSITIONING_ERROR
    
      - EXIF_TAG_CAMERA_OWNER_NAME
    
      - EXIF_TAG_BODY_SERIAL_NUMBER
    
      - EXIF_TAG_LENS_SPECIFICATION
    
      - EXIF_TAG_LENS_MAKE
    
      - EXIF_TAG_LENS_MODEL
    
      - EXIF_TAG_LENS_SERIAL_NUMBER
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055857"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1059893"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120943"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1160770"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1171475"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1171847"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1172105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1172116"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1172121"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected libexif packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9278");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libexif-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libexif-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libexif-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libexif12");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libexif12-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libexif12-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libexif12-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/06/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.1", reference:"libexif-debugsource-0.6.22-lp151.4.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libexif-devel-0.6.22-lp151.4.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libexif12-0.6.22-lp151.4.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libexif12-debuginfo-0.6.22-lp151.4.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libexif-devel-32bit-0.6.22-lp151.4.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libexif12-32bit-0.6.22-lp151.4.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libexif12-32bit-debuginfo-0.6.22-lp151.4.6.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libexif-debugsource / libexif-devel / libexif12 / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2222.NASL
    descriptionVarious minor vulnerabilities have been addredd in libexif, a library to parse EXIF metadata files. CVE-2018-20030 This issue had already been addressed via DLA-2214-1. However, upstream provided an updated patch, so this has been followed up on. CVE-2020-13112 Several buffer over-reads in EXIF MakerNote handling could have lead to information disclosure and crashes. This issue is different from already resolved CVE-2020-0093. CVE-2020-13113 Use of uninitialized memory in EXIF Makernote handling could have lead to crashes and potential use-after-free conditions. CVE-2020-13114 An unrestricted size in handling Canon EXIF MakerNote data could have lead to consumption of large amounts of compute time for decoding EXIF data. For Debian 8
    last seen2020-06-06
    modified2020-05-29
    plugin id136952
    published2020-05-29
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136952
    titleDebian DLA-2222-1 : libexif security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-2222-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(136952);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/18");
    
      script_cve_id("CVE-2018-20030", "CVE-2020-13112", "CVE-2020-13113", "CVE-2020-13114");
    
      script_name(english:"Debian DLA-2222-1 : libexif security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Various minor vulnerabilities have been addredd in libexif, a library
    to parse EXIF metadata files.
    
    CVE-2018-20030
    
    This issue had already been addressed via DLA-2214-1. However,
    upstream provided an updated patch, so this has been followed up on.
    
    CVE-2020-13112
    
    Several buffer over-reads in EXIF MakerNote handling could have lead
    to information disclosure and crashes. This issue is different from
    already resolved CVE-2020-0093.
    
    CVE-2020-13113
    
    Use of uninitialized memory in EXIF Makernote handling could have lead
    to crashes and potential use-after-free conditions.
    
    CVE-2020-13114
    
    An unrestricted size in handling Canon EXIF MakerNote data could have
    lead to consumption of large amounts of compute time for decoding EXIF
    data.
    
    For Debian 8 'Jessie', these problems have been fixed in version
    0.6.21-2+deb8u3.
    
    We recommend that you upgrade your libexif packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/libexif"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Upgrade the affected libexif-dev, and libexif12 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-13113");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libexif-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libexif12");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"libexif-dev", reference:"0.6.21-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libexif12", reference:"0.6.21-2+deb8u3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2214.NASL
    descriptionVarious vulnerabilities have been addressed in libexif, a library to parse EXIF metadata files. CVE-2016-6328 An integer overflow when parsing the MNOTE entry data of the input file had been found. This could have caused denial of service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications
    last seen2020-05-22
    modified2020-05-18
    plugin id136674
    published2020-05-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136674
    titleDebian DLA-2214-1 : libexif security update