PublicDateAtUSN: 2020-05-21 16:15:00 UTC
Candidate: CVE-2020-13112
PublicDate: 2020-05-21 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13112
 https://ubuntu.com/security/notices/USN-4396-1
Description:
 An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961407
Priority: medium
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H [9.1 CRITICAL]

Patches_libexif:
 upstream: https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1 (0.6.22)
upstream_libexif: needs-triage
precise/esm_libexif: released (0.6.20-2ubuntu0.6)
trusty_libexif: ignored (out of standard support)
trusty/esm_libexif: released (0.6.21-1ubuntu1+esm5)
xenial_libexif: released (0.6.21-2ubuntu0.5)
esm-infra/xenial_libexif: released (0.6.21-2ubuntu0.5)
bionic_libexif: released (0.6.21-4ubuntu0.5)
eoan_libexif: released (0.6.21-5.1ubuntu0.5)
focal_libexif: released (0.6.21-6ubuntu0.3)
devel_libexif: not-affected (0.6.22-1)