PublicDateAtUSN: 2020-05-21 17:15:00 UTC
Candidate: CVE-2020-13113
PublicDate: 2020-05-21 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113
 https://ubuntu.com/security/notices/USN-4396-1
Description:
 An issue was discovered in libexif before 0.6.22. Use of uninitialized
 memory in EXIF Makernote handling could lead to crashes and potential
 use-after-free conditions.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961409
Priority: medium
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H [8.2 HIGH]


Patches_libexif:
 upstream: https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f (0.6.22)
upstream_libexif: needs-triage
precise/esm_libexif: released (0.6.20-2ubuntu0.6)
trusty_libexif: ignored (out of standard support)
trusty/esm_libexif: released (0.6.21-1ubuntu1+esm5)
xenial_libexif: released (0.6.21-2ubuntu0.5)
esm-infra/xenial_libexif: released (0.6.21-2ubuntu0.5)
bionic_libexif: released (0.6.21-4ubuntu0.5)
eoan_libexif: released (0.6.21-5.1ubuntu0.5)
focal_libexif: released (0.6.21-6ubuntu0.3)
devel_libexif: not-affected (0.6.22-1)