Alpine: multiple libexif packages: security update to 0.6.22-r0

critical Tenable Self-Hosted Container Security Plugin ID 405161

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote
escalation of privilege in the media content provider with no additional execution privileges needed. User
interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774
(CVE-2019-9278)

- A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input
file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap
chunk metadata, even other applications' private data). (CVE-2016-6328)

- An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version
0.6.21 can be exploited to exhaust available CPU resources. (CVE-2018-20030)

- In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing
bounds check. This could lead to local information disclosure with no additional execution privileges
needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1
Android-9 Android-10Android ID: A-148705132 (CVE-2020-0093)

See Also

https://security.alpinelinux.org/vuln/CVE-2016-6328

https://security.alpinelinux.org/vuln/CVE-2018-20030

https://security.alpinelinux.org/vuln/CVE-2019-9278

https://security.alpinelinux.org/vuln/CVE-2020-0093

https://security.alpinelinux.org/vuln/CVE-2020-12767

https://security.alpinelinux.org/vuln/CVE-2020-13112

https://security.alpinelinux.org/vuln/CVE-2020-13113

https://security.alpinelinux.org/vuln/CVE-2020-13114

Plugin Details

Severity: Critical

ID: 405161

Version: Revision 1.27

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-9278

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2020-13112

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/17/2017

Reference Information

CVE: CVE-2016-6328, CVE-2018-20030, CVE-2019-9278, CVE-2020-0093, CVE-2020-12767, CVE-2020-13112, CVE-2020-13113, CVE-2020-13114