Source: exiftags
Version: 1.01-7
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi Laszlo,

The following vulnerability was published for exiftags.

CVE-2023-50671[0]:
| In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer
| overflow (write of size 28) because snprintf can write to an
| unexpected address.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-50671
    https://www.cve.org/CVERecord?id=CVE-2023-50671
[1] https://blog.yulun.ac.cn/posts/2023/fuzzing-exiftags/

Regards,
Salvatore