Source: libexif
Version: 0.6.21-2
Severity: important
Tags: security patch upstream
Forwarded: https://sourceforge.net/p/libexif/bugs/130/

Hi,

the following vulnerability was published for libexif.

CVE-2017-7544[0]:
| libexif through 0.6.21 is vulnerable to out-of-bounds heap read
| vulnerability in exif_data_save_data_entry function in
| libexif/exif-data.c caused by improper length computation of the
| allocated data of an ExifMnote entry which can cause denial-of-service
| or possibly information disclosure.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7544
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544
[1] https://sourceforge.net/p/libexif/bugs/130/

The attached report in the upstream bug is password protected, but
there is a produced patch by Marcus Meissner in the upstream bug.

Regards,
Salvatore