OESA-2021-1286

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1286

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2021-1286.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2021-1286

Upstream

CVE-2020-13113

CVE-2020-13114

Published

2021-07-31T11:03:05Z

Modified

2025-08-12T05:05:06.974933Z

Summary

libexif security update

Details

Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags.

Security Fix(es):

An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.(CVE-2020-13113)

An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.(CVE-2020-13114)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / libexif

Package

Name: libexif
Purl: pkg:rpm/openEuler/libexif&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.21-22.oe1

Ecosystem specific

{
    "aarch64": [
        "libexif-0.6.21-22.oe1.aarch64.rpm",
        "libexif-debuginfo-0.6.21-22.oe1.aarch64.rpm",
        "libexif-devel-0.6.21-22.oe1.aarch64.rpm",
        "libexif-debugsource-0.6.21-22.oe1.aarch64.rpm"
    ],
    "src": [
        "libexif-0.6.21-22.oe1.src.rpm"
    ],
    "x86_64": [
        "libexif-devel-0.6.21-22.oe1.x86_64.rpm",
        "libexif-debugsource-0.6.21-22.oe1.x86_64.rpm",
        "libexif-debuginfo-0.6.21-22.oe1.x86_64.rpm",
        "libexif-0.6.21-22.oe1.x86_64.rpm"
    ],
    "noarch": [
        "libexif-help-0.6.21-22.oe1.noarch.rpm"
    ]
}

openEuler:20.03-LTS-SP2 / libexif

Package

Name: libexif
Purl: pkg:rpm/openEuler/libexif&distro=openEuler-20.03-LTS-SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.21-22.oe1

Ecosystem specific

{
    "aarch64": [
        "libexif-devel-0.6.21-22.oe1.aarch64.rpm",
        "libexif-debugsource-0.6.21-22.oe1.aarch64.rpm",
        "libexif-debuginfo-0.6.21-22.oe1.aarch64.rpm",
        "libexif-0.6.21-22.oe1.aarch64.rpm"
    ],
    "src": [
        "libexif-0.6.21-22.oe1.src.rpm"
    ],
    "x86_64": [
        "libexif-0.6.21-22.oe1.x86_64.rpm",
        "libexif-devel-0.6.21-22.oe1.x86_64.rpm",
        "libexif-debuginfo-0.6.21-22.oe1.x86_64.rpm",
        "libexif-debugsource-0.6.21-22.oe1.x86_64.rpm"
    ],
    "noarch": [
        "libexif-help-0.6.21-22.oe1.noarch.rpm"
    ]
}