Bug 708728 (CVE-2016-6328, CVE-2019-9278, CVE-2020-0093, CVE-2020-12767, CVE-2020-13112, CVE-2020-13113, CVE-2020-13114) - <media-libs/libexif-0.6.22: Multiple vulnerabilities (CVE-2016-6328, CVE-2019-9278, CVE-2020-{0093,12767,13112,13113,13114})
Status: RESOLVED FIXED
Alias: CVE-2016-6328, CVE-2019-9278, CVE-2020-0093, CVE-2020-12767, CVE-2020-13112, CVE-2020-13113, CVE-2020-13114
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://cve.mitre.org/cgi-bin/cvename...
Whiteboard: B2 [glsa+ cve]
Reported: 2020-02-08 13:50 UTC by filip ambroz
Modified: 2020-07-26 23:29 UTC

Package list:
media-libs/libexif-0.6.22
Runtime testing required: ---
nattka: sanity-check+

Description filip ambroz 2020-02-08 13:50:19 UTC
In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation.

References:
https://www.openwall.com/lists/oss-security/2019/10/25/17
Comment 1 filip ambroz 2020-02-08 14:00:43 UTC
I am not entirely sure if Gentoo is affected. It should be similar to this bug: https://bugs.gentoo.org/701834

Please also take a look here:
https://security-tracker.debian.org/tracker/CVE-2019-9278
https://nvd.nist.gov/vuln/detail/CVE-2019-9278
Comment 2 Sam James archtester gentoo-dev Security 2020-05-10 14:31:02 UTC
(In reply to filip ambroz from comment #1)
> I am not entirely sure if Gentoo is affected. It should be similar to
> this bug: https://bugs.gentoo.org/701834
> 

Okay, I think so. I'll call this upstream/ebuild but upstream have not made a release in years so we'll just have to apply the patches.

----
* CVE-2020-12767

Description:
"exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error."

Bug: https://github.com/libexif/libexif/issues/31
Patch: https://github.com/libexif/libexif/commit/e22f73064f804c94e90b642cd0db4697c827da72
Comment 3 Sam James archtester gentoo-dev Security 2020-05-22 04:12:34 UTC
* CVE-2020-13112

Description:
"An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093."

* CVE-2020-13113

Description:
"An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions."

* CVE-2020-13114

Description:
"An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data."
Comment 4 Sam James archtester gentoo-dev Security 2020-05-22 04:14:26 UTC
* CVE-2020-0093

Description:
"In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation."

* CVE-2016-6328

Description:
"A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data)."
Comment 5 Sam James archtester gentoo-dev Security 2020-05-22 04:15:12 UTC
0.6.22 is out with these fixes (hurray!)

URL: https://github.com/libexif/libexif/releases/tag/libexif-0_6_22-release
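
The integer-overflow and missing-bounds-check bug classes named in the CVE descriptions quoted above, shown in C as an added example that is not part of this bug report and is not libexif's code. The function names, the 32-bit size and offset fields, and the sample values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative only, not libexif code; 32-bit sizes/offsets are assumed. */
/* Naive: the product and the sum wrap modulo 2^32, so a huge component
 * count can make an out-of-range entry look small and in bounds. */
static int range_ok_naive(uint32_t fmt_size, uint32_t components,
                          uint32_t offset, uint32_t buf_size)
{
    uint32_t len = (uint32_t)(fmt_size * components);  /* may wrap */
    return (uint32_t)(offset + len) <= buf_size;       /* may wrap */
}

/* Hardened: comparisons are arranged so no intermediate can overflow. */
static int range_ok_checked(uint32_t fmt_size, uint32_t components,
                            uint32_t offset, uint32_t buf_size, uint32_t *len)
{
    if (fmt_size == 0 || components > UINT32_MAX / fmt_size)
        return 0;                              /* product would overflow */
    *len = fmt_size * components;
    if (*len == 0 || offset > buf_size || *len > buf_size - offset)
        return 0;                              /* range leaves the buffer */
    return 1;
}

/* Copy an entry payload only after validation; bytes copied or -1. */
static long copy_entry(const uint8_t *buf, uint32_t buf_size,
                       uint32_t fmt_size, uint32_t components,
                       uint32_t offset, uint8_t *dst, uint32_t dst_size)
{
    uint32_t len;
    if (!range_ok_checked(fmt_size, components, offset, buf_size, &len)
        || len > dst_size)
        return -1;
    memcpy(dst, buf + offset, len);
    return (long)len;
}

int main(void)
{
    uint8_t buf[64] = {0}, dst[16];
    /* Constructed inputs: 4 * 0x40000001 wraps to 4; 0x20 + 0xFFFFFFF0 to 0x10. */
    printf("naive accepts: %d %d\n", range_ok_naive(4, 0x40000001u, 8, 64),
           range_ok_naive(1, 0xFFFFFFF0u, 0x20, 64));
    printf("checked: %ld %ld %ld\n", copy_entry(buf, 64, 4, 0x40000001u, 8, dst, 16),
           copy_entry(buf, 64, 1, 0xFFFFFFF0u, 0x20, dst, 16),
           copy_entry(buf, 64, 2, 4, 8, dst, 16));
    return 0;
}
```

The naive check accepts both wrapped inputs, while the checked path rejects them and still copies the valid 8-byte entry.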
Comment 6 Larry the Git Cow gentoo-dev 2020-06-17 01:11:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e0bf10d15211a298201e01836069c5ec605bc37

commit 8e0bf10d15211a298201e01836069c5ec605bc37
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-05-22 05:37:15 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-06-17 01:00:11 +0000

    media-libs/libexif: Security bump to 0.6.22
    
    Bug: https://bugs.gentoo.org/708728
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 media-libs/libexif/Manifest              |  1 +
 media-libs/libexif/libexif-0.6.22.ebuild | 49 ++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+)
Comment 7 Thomas Deutschmann gentoo-dev Security 2020-06-20 13:50:25 UTC
x86 stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-06-21 17:00:11 UTC
arm stable
Comment 9 Agostino Sarubbo gentoo-dev 2020-06-21 17:05:31 UTC
ppc stable
Comment 10 Agostino Sarubbo gentoo-dev 2020-06-21 17:10:22 UTC
ppc64 stable
Comment 11 Agostino Sarubbo gentoo-dev 2020-06-22 06:59:13 UTC
amd64 stable
Comment 12 Sam James archtester gentoo-dev Security 2020-06-22 09:35:33 UTC
arm64 stable already
Comment 13 Rolf Eike Beer archtester 2020-06-23 18:16:21 UTC
hppa stable
Comment 14 Rolf Eike Beer archtester 2020-06-24 17:45:06 UTC
sparc stable
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2020-07-26 23:29:43 UTC
This issue was resolved and addressed in
 GLSA 202007-05 at https://security.gentoo.org/glsa/202007-05
by GLSA coordinator Sam James (sam_c).