A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input     file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap     chunk metadata, even other applications' private data). (CVE-2016-6328)

Note that Nessus relies on the presence of the package as reported by the vendor.

According to the version of the libexif package installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - A vulnerability was found in libexif. An integer     overflow when parsing the MNOTE entry data of the input     file. This can cause Denial-of-Service (DoS) and     Information Disclosure (disclosing some critical heap     chunk metadata, even other applications' private     data).(CVE-2016-6328)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-202007-05 (libexif: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in libexif. Please review       the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

This update for libexif to 0.6.22 fixes the following issues :

Security issues fixed :

CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857).

CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893).

CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943).

CVE-2019-9278: Fixed an integer overflow (bsc#1160770).

CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847).

CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475).

CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121).

CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105).

CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116).

Non-security issues fixed :

libexif was updated to version 0.6.22 :

  - New translations: ms

  - Updated translations for most languages

  - Some useful EXIF 2.3 tag added :

  - EXIF_TAG_GAMMA

  - EXIF_TAG_COMPOSITE_IMAGE

  - EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE

  - EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE

  - EXIF_TAG_GPS_H_POSITIONING_ERROR

  - EXIF_TAG_CAMERA_OWNER_NAME

  - EXIF_TAG_BODY_SERIAL_NUMBER

  - EXIF_TAG_LENS_SPECIFICATION

  - EXIF_TAG_LENS_MAKE

  - EXIF_TAG_LENS_MODEL

  - EXIF_TAG_LENS_SERIAL_NUMBER

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libexif fixes the following issues :

Security issues fixed :

CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857).

CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893).

CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943).

CVE-2019-9278: Fixed an integer overflow (bsc#1160770).

CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847).

CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475).

CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121).

CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105).

CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116).

Non-security issues fixed :

libexif was updated to version 0.6.22 :

  - New translations: ms

  - Updated translations for most languages

  - Some useful EXIF 2.3 tag added :

  - EXIF_TAG_GAMMA

  - EXIF_TAG_COMPOSITE_IMAGE

  - EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE

  - EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE

  - EXIF_TAG_GPS_H_POSITIONING_ERROR

  - EXIF_TAG_CAMERA_OWNER_NAME

  - EXIF_TAG_BODY_SERIAL_NUMBER

  - EXIF_TAG_LENS_SPECIFICATION

  - EXIF_TAG_LENS_MAKE

  - EXIF_TAG_LENS_MODEL

  - EXIF_TAG_LENS_SERIAL_NUMBER

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libexif to 0.6.22 fixes the following issues :

Security issues fixed :

  - CVE-2016-6328: Fixed an integer overflow in parsing     MNOTE entry data of the input file (bsc#1055857).

  - CVE-2017-7544: Fixed an out-of-bounds heap read     vulnerability in exif_data_save_data_entry function in     libexif/exif-data.c (bsc#1059893).

  - CVE-2018-20030: Fixed a denial of service by endless     recursion (bsc#1120943).

  - CVE-2019-9278: Fixed an integer overflow (bsc#1160770).

  - CVE-2020-0093: Fixed an out-of-bounds read in     exif_data_save_data_entry (bsc#1171847).

  - CVE-2020-12767: Fixed a divide-by-zero error in     exif_entry_get_value (bsc#1171475).

  - CVE-2020-13112: Fixed a time consumption DoS when     parsing canon array markers (bsc#1172121).

  - CVE-2020-13113: Fixed a potential use of uninitialized     memory (bsc#1172105).

  - CVE-2020-13114: Fixed various buffer overread fixes due     to integer overflows in maker notes (bsc#1172116).

Non-security issues fixed :

  - libexif was updated to version 0.6.22 :

  - New translations: ms

  - Updated translations for most languages

  - Some useful EXIF 2.3 tag added :

  - EXIF_TAG_GAMMA

  - EXIF_TAG_COMPOSITE_IMAGE

  - EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE

  - EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE

  - EXIF_TAG_GPS_H_POSITIONING_ERROR

  - EXIF_TAG_CAMERA_OWNER_NAME

  - EXIF_TAG_BODY_SERIAL_NUMBER

  - EXIF_TAG_LENS_SPECIFICATION

  - EXIF_TAG_LENS_MAKE

  - EXIF_TAG_LENS_MODEL

  - EXIF_TAG_LENS_SERIAL_NUMBER

This update was imported from the SUSE:SLE-15:Update update project.

New libexif packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Various vulnerabilities have been addressed in libexif, a library to parse EXIF metadata files.

CVE-2016-6328

An integer overflow when parsing the MNOTE entry data of the input file had been found. This could have caused denial of service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).

CVE-2017-7544

libexif had been vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which could have caused denial of service or possibly information disclosure.

CVE-2018-20030

An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version could have been exploited to exhaust available CPU resources.

CVE-2020-0093

In exif_data_save_data_entry of exif-data.c, there was a possible out of bounds read due to a missing bounds check. This could have lead to local information disclosure with no additional execution privileges needed. User interaction was needed for exploitation.

CVE-2020-12767

libexif had a divide-by-zero error in exif_entry_get_value in exif-entry.c

For Debian 8 'Jessie', these problems have been fixed in version 0.6.21-2+deb8u2.

We recommend that you upgrade your libexif packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4277-1 advisory.

    Liu Bingchang discovered that libexif incorrectly handled certain files. An attacker could possibly use     this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu     12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2016-6328)

    Lili Xu and Bingchang Liu discovered that libexif incorrectly handled certain files. An attacker could     possibly use this issue to access sensitive information or cause a denial of service. This issue only     affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2017-7544)

    It was discovered that libexif incorrectly handled certain files. An attacker could possibly use this     issue to execute arbitrary code. (CVE-2019-9278)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the libexif package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Most digital cameras produce EXIF files, which are JPEG     files with extra tags that contain information about     the image. The EXIF library allows you to parse an EXIF     file and read the data from those tags.

  - Security fix(es):

  - A vulnerability was found in libexif. An integer     overflow when parsing the MNOTE entry data of the input     file. This can cause Denial-of-Service (DoS) and     Information Disclosure (disclosing some critical heap     chunk metadata, even other applications' private     data).(CVE-2016-6328)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libexif fixes several issues. These security issues were fixed :

  - CVE-2016-6328: Fixed integer overflow in parsing MNOTE     entry data of the input file (bsc#1055857)

  - CVE-2017-7544: Fixed out-of-bounds heap read     vulnerability in exif_data_save_data_entry function in     libexif/exif-data.c caused by improper length     computation of the allocated data of an ExifMnote entry     which can cause denial-of-service or possibly     information disclosure (bsc#1059893)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libexif fixes several issues.

These security issues were fixed :

  - CVE-2016-6328: Fixed integer overflow in parsing MNOTE     entry data of the input file (bsc#1055857)

  - CVE-2017-7544: Fixed out-of-bounds heap read     vulnerability in exif_data_save_data_entry function in     libexif/exif-data.c caused by improper length     computation of the allocated data of an ExifMnote entry     which can cause denial-of-service or possibly     information disclosure (bsc#1059893)

This update was imported from the SUSE:SLE-12:Update update project.

Patch for CVE-2016-6328

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
219755	Linux Distros Unpatched Vulnerability : CVE-2016-6328	Nessus	Misc.	high
146175	EulerOS 2.0 SP5 : libexif (EulerOS-SA-2021-1201)	Nessus	Huawei Local Security Checks	high
138928	GLSA-202007-05 : libexif: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
138264	SUSE SLED15 / SLES15 Security Update : libexif (SUSE-SU-2020:1553-2)	Nessus	SuSE Local Security Checks	critical
137592	SUSE SLED15 / SLES15 Security Update : libexif (SUSE-SU-2020:1553-1)	Nessus	SuSE Local Security Checks	critical
137584	SUSE SLES12 Security Update : libexif (SUSE-SU-2020:1534-1)	Nessus	SuSE Local Security Checks	critical
137392	openSUSE Security Update : libexif (openSUSE-2020-793)	Nessus	SuSE Local Security Checks	critical
136729	Slackware 14.0 / 14.1 / 14.2 / current : libexif (SSA:2020-140-02)	Nessus	Slackware Local Security Checks	critical
136674	Debian DLA-2214-1 : libexif security update	Nessus	Debian Local Security Checks	critical
133649	Ubuntu 16.04 LTS / 18.04 LTS : libexif vulnerabilities (USN-4277-1)	Nessus	Ubuntu Local Security Checks	critical
129229	EulerOS 2.0 SP3 : libexif (EulerOS-SA-2019-2036)	Nessus	Huawei Local Security Checks	high
128902	EulerOS 2.0 SP2 : libexif (EulerOS-SA-2019-1850)	Nessus	Huawei Local Security Checks	high
106343	SUSE SLED12 / SLES12 Security Update : libexif (SUSE-SU-2018:0193-1)	Nessus	SuSE Local Security Checks	critical
106325	openSUSE Security Update : libexif (openSUSE-2018-86)	Nessus	SuSE Local Security Checks	critical
105956	Fedora 27 : libexif (2017-b24ef59f94)	Nessus	Fedora Local Security Checks	high
105708	Fedora 26 : libexif (2017-c28bfe0986)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2016-6328

high

Tenable Plugins

high

high

critical

critical

critical

critical

critical

critical

critical

critical

high

high

critical

critical

high

high