CVE-2020-13114
First published: Thu May 21 2020(Updated: )
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/libexif | <0.6.21-4ubuntu0.5 | 0.6.21-4ubuntu0.5 |
| ubuntu/libexif | <0.6.21-5.1ubuntu0.5 | 0.6.21-5.1ubuntu0.5 |
| ubuntu/libexif | <0.6.21-6ubuntu0.3 | 0.6.21-6ubuntu0.3 |
| ubuntu/libexif | <0.6.21-1ubuntu1+ | 0.6.21-1ubuntu1+ |
| ubuntu/libexif | <0.6.21-2ubuntu0.5 | 0.6.21-2ubuntu0.5 |
| <0.6.22 | ||
| =12.04 | ||
| =14.04 | ||
| =16.04 | ||
| =18.04 | ||
| =19.10 | ||
| =20.04 | ||
| =15.1 | ||
| Libexif Project Libexif | <0.6.22 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =19.10 | |
| Canonical Ubuntu Linux | =20.04 | |
| openSUSE Leap | =15.1 | |
| debian/libexif | 0.6.21-5.1+deb10u5 0.6.22-3 0.6.24-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab
- https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
- https://usn.ubuntu.com/4396-1/
- https://security.gentoo.org/glsa/202007-05
- https://launchpad.net/bugs/cve/CVE-2020-13114
- https://security-tracker.debian.org/tracker/CVE-2020-13114
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13114
- https://ubuntu.com/security/notices/USN-4396-1
- https://nvd.nist.gov/vuln/detail/CVE-2020-13114
- https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab (0.6.22)
- https://ubuntu.com/security/CVE-2020-13114
Frequently Asked Questions
What is CVE-2020-13114?
CVE-2020-13114 is a vulnerability in libexif before version 0.6.22 that allows for unrestricted size in handling Canon EXIF MakerNote data, leading to excessive computational resource consumption when decoding EXIF data.
What is the severity of CVE-2020-13114?
The severity of CVE-2020-13114 is high, with a severity value of 7.5.
How does CVE-2020-13114 affect me?
If you are using a version of libexif before 0.6.22, you may be vulnerable to CVE-2020-13114, which could result in excessive consumption of compute resources when decoding EXIF data.
How can I fix CVE-2020-13114?
To fix CVE-2020-13114, you should update libexif to version 0.6.22 or later. Check the official Ubuntu or Debian security notices for specific package versions and remedies.
Where can I find more information about CVE-2020-13114?
You can find more information about CVE-2020-13114 on the MITRE CVE database, Ubuntu security notices, and the NIST National Vulnerability Database.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/launchpad-cve
- source/Launchpad
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-index
- collector/security-tracker-debian
- source/Debian
- collector/usn-cve
- source/Ubuntu
- vendor/libexif project
- canonical/libexif project libexif
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/19.10
- version/canonical ubuntu linux/20.04
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- package-manager/debian
- package-manager/ubuntu