Bugzilla – Bug 1059893
VUL-1:CVE-2017-7544: libexif: Out-of-bounds heap read in exif_data_save_data_entry function
Last modified: 2020-07-08 13:22:28 UTC
rh#1494196 libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure. References: https://bugzilla.redhat.com/show_bug.cgi?id=1494196 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7544 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544 https://sourceforge.net/p/libexif/bugs/130/
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2018-01-31. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63940
SUSE-SU-2018:0193-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1055857,1059893 CVE References: CVE-2016-6328,CVE-2017-7544 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP3 (src): libexif-0.6.21-8.3.1 SUSE Linux Enterprise Software Development Kit 12-SP2 (src): libexif-0.6.21-8.3.1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): libexif-0.6.21-8.3.1 SUSE Linux Enterprise Server 12-SP3 (src): libexif-0.6.21-8.3.1 SUSE Linux Enterprise Server 12-SP2 (src): libexif-0.6.21-8.3.1 SUSE Linux Enterprise Desktop 12-SP3 (src): libexif-0.6.21-8.3.1 SUSE Linux Enterprise Desktop 12-SP2 (src): libexif-0.6.21-8.3.1
SUSE-SU-2018:0195-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1059893 CVE References: CVE-2017-7544 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): libexif-0.6.17-2.14.3.1 SUSE Linux Enterprise Server 11-SP4 (src): libexif-0.6.17-2.14.3.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): libexif-0.6.17-2.14.3.1
released
openSUSE-SU-2018:0211-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1055857,1059893 CVE References: CVE-2016-6328,CVE-2017-7544 Sources used: openSUSE Leap 42.3 (src): libexif-0.6.21-15.1 openSUSE Leap 42.2 (src): libexif-0.6.21-12.3.1
This is an autogenerated message for OBS integration: This bug (1059893) was mentioned in https://build.opensuse.org/request/show/807015 Factory / libexif
SUSE-SU-2020:1534-1: An update that fixes 9 vulnerabilities is now available. Category: security (moderate) Bug References: 1055857,1059893,1120943,1160770,1171475,1171847,1172105,1172116,1172121 CVE References: CVE-2016-6328,CVE-2017-7544,CVE-2018-20030,CVE-2019-9278,CVE-2020-0093,CVE-2020-12767,CVE-2020-13112,CVE-2020-13113,CVE-2020-13114 Sources used: SUSE OpenStack Cloud Crowbar 8 (src): libexif-0.6.22-8.9.1 SUSE OpenStack Cloud 8 (src): libexif-0.6.22-8.9.1 SUSE OpenStack Cloud 7 (src): libexif-0.6.22-8.9.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): libexif-0.6.22-8.9.1 SUSE Linux Enterprise Software Development Kit 12-SP4 (src): libexif-0.6.22-8.9.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): libexif-0.6.22-8.9.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): libexif-0.6.22-8.9.1 SUSE Linux Enterprise Server for SAP 12-SP1 (src): libexif-0.6.22-8.9.1 SUSE Linux Enterprise Server 12-SP5 (src): libexif-0.6.22-8.9.1 SUSE Linux Enterprise Server 12-SP4 (src): libexif-0.6.22-8.9.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): libexif-0.6.22-8.9.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): libexif-0.6.22-8.9.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): libexif-0.6.22-8.9.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): libexif-0.6.22-8.9.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): libexif-0.6.22-8.9.1 SUSE Enterprise Storage 5 (src): libexif-0.6.22-8.9.1 HPE Helion Openstack 8 (src): libexif-0.6.22-8.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:1553-1: An update that fixes 9 vulnerabilities is now available. Category: security (moderate) Bug References: 1055857,1059893,1120943,1160770,1171475,1171847,1172105,1172116,1172121 CVE References: CVE-2016-6328,CVE-2017-7544,CVE-2018-20030,CVE-2019-9278,CVE-2020-0093,CVE-2020-12767,CVE-2020-13112,CVE-2020-13113,CVE-2020-13114 Sources used: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src): libexif-0.6.22-5.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:0793-1: An update that fixes 9 vulnerabilities is now available. Category: security (moderate) Bug References: 1055857,1059893,1120943,1160770,1171475,1171847,1172105,1172116,1172121 CVE References: CVE-2016-6328,CVE-2017-7544,CVE-2018-20030,CVE-2019-9278,CVE-2020-0093,CVE-2020-12767,CVE-2020-13112,CVE-2020-13113,CVE-2020-13114 Sources used: openSUSE Leap 15.1 (src): libexif-0.6.22-lp151.4.6.1
SUSE-SU-2020:1553-2: An update that fixes 9 vulnerabilities is now available. Category: security (moderate) Bug References: 1055857,1059893,1120943,1160770,1171475,1171847,1172105,1172116,1172121 CVE References: CVE-2016-6328,CVE-2017-7544,CVE-2018-20030,CVE-2019-9278,CVE-2020-0093,CVE-2020-12767,CVE-2020-13112,CVE-2020-13113,CVE-2020-13114 Sources used: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src): libexif-0.6.22-5.6.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (src): libexif-0.6.22-5.6.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src): libexif-0.6.22-5.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.