Synopsis: Moderate: libexif security, bug fix, and enhancement update Advisory ID: SLSA-2020:4040-1 Issue Date: 2020-10-01 CVE Numbers: CVE-2020-12767 CVE-2020-13113 CVE-2020-0093 CVE-2020-0182 CVE-2020-13114 CVE-2019-9278 -- Security Fix(es): * libexif: out of bound write in exif-data.c (CVE-2019-9278) * libexif: out of bounds read due to a missing bounds check in exif_data_save_data_entry function in exif-data.c (CVE-2020-0093) * libexif: use of uninitialized memory in EXIF Makernote handling can lead to crashes and use-after-free (CVE-2020-13113) * libexif: unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time (CVE-2020-13114) * libexif: out of bounds read due to a missing bounds check in exif_entry_get_value function in exif-entry.c (CVE-2020-0182) * libexif: divide-by-zero in exif_entry_get_value function in exif-entry.c (CVE-2020-12767) -- SL7 x86_64 libexif-0.6.22-1.el7.i686.rpm libexif-0.6.22-1.el7.x86_64.rpm libexif-debuginfo-0.6.22-1.el7.i686.rpm libexif-debuginfo-0.6.22-1.el7.x86_64.rpm libexif-devel-0.6.22-1.el7.i686.rpm libexif-devel-0.6.22-1.el7.x86_64.rpm libexif-doc-0.6.22-1.el7.x86_64.rpm - Scientific Linux Development Team