PublicDateAtUSN: 2020-05-21 16:15:00 UTC
Candidate: CVE-2020-13114
PublicDate: 2020-05-21 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13114
 https://ubuntu.com/security/notices/USN-4396-1
Description:
 An issue was discovered in libexif before 0.6.22. An unrestricted size in
 handling Canon EXIF MakerNote data could lead to consumption of large
 amounts of compute time for decoding EXIF data.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961410
Priority: low
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_libexif:
 upstream: https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab (0.6.22)
upstream_libexif: needs-triage
precise/esm_libexif: released (0.6.20-2ubuntu0.6)
trusty_libexif: ignored (out of standard support)
trusty/esm_libexif: released (0.6.21-1ubuntu1+esm5)
xenial_libexif: released (0.6.21-2ubuntu0.5)
esm-infra/xenial_libexif: released (0.6.21-2ubuntu0.5)
bionic_libexif: released (0.6.21-4ubuntu0.5)
eoan_libexif: released (0.6.21-5.1ubuntu0.5)
focal_libexif: released (0.6.21-6ubuntu0.3)
devel_libexif: not-affected (0.6.22-1)