SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1148

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1148

Security update for libexif

Type: security

Severity: important

Issued: 2022-04-11

Description:

This update for libexif fixes the following issues:

- CVE-2020-0181: Fixed an integer overflow that could lead to denial of service
  (bsc#1172802).
- CVE-2020-0198: Fixed and unsigned integer overflow that could lead to denial
  of service (bsc#1172768).
- CVE-2020-0452: Fixed a buffer overflow check that could be optimized away
  by the compiler (bsc#1178479).

References

CVE: CVE-2020-0452
CVE: CVE-2020-0198
CVE: CVE-2020-0181
Bugzilla: 1178479 VUL-0: CVE-2020-0452: libexif: buffer overflow due to integer overflow check optimization
Bugzilla: 1172802 VUL-1: CVE-2020-0181: libexif: integer overflow in exif-data.c
Bugzilla: 1172768 VUL-1: CVE-2020-0198: libexif: unsigned integer overflow

Packages

libexif-0.6.22-150000.5.9.1