FreeBSD : libexif -- multiple vulnerabilities (cff0b2e2-0716-11eb-9e5d-08002728f74c)

High Nessus Plugin ID 141191

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Release notes :

Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others :

CVE-2016-6328: fixed integer overflow when parsing maker notes

CVE-2017-7544: fixed buffer overread

CVE-2018-20030: Fix for recursion DoS

CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs

CVE-2020-0093: read overflow

CVE-2020-12767: fixed division by zero

CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes

CVE-2020-13113: Potential use of uninitialized memory

CVE-2020-13114: Time consumption DoS when parsing canon array markers

Solution

Update the affected package.

See Also

https://github.com/libexif/libexif/blob/master/NEWS

http://www.nessus.org/u?0327a07a

Plugin Details

Severity: High

ID: 141191

File Name: freebsd_pkg_cff0b2e2071611eb9e5d08002728f74c.nasl

Version: 1.1

Type: local

Published: 2020/10/06

Updated: 2020/10/06

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:libexif, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2020/10/05

Vulnerability Publication Date: 2020/05/18