- Vulnerability/
- USN-4277-1
USN-4277-1: libexif vulnerabilities
First published: Tue Feb 11 2020(Updated: )
Liu Bingchang discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2016-6328) Lili Xu and Bingchang Liu discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2017-7544) It was discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-9278)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libexif12 | <0.6.21-5.1ubuntu0.1 | 0.6.21-5.1ubuntu0.1 |
| Ubuntu Ubuntu | =19.10 | |
| All of | ||
| ubuntu/libexif12 | <0.6.21-4ubuntu0.1 | 0.6.21-4ubuntu0.1 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/libexif12 | <0.6.21-2ubuntu0.1 | 0.6.21-2ubuntu0.1 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/libexif12 | <0.6.21-1ubuntu1+esm1 | 0.6.21-1ubuntu1+esm1 |
| Ubuntu Ubuntu | =14.04 | |
| All of | ||
| ubuntu/libexif12 | <0.6.20-2ubuntu0.2 | 0.6.20-2ubuntu0.2 |
| Ubuntu Ubuntu | =12.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2016-6328
- https://ubuntu.com/security/CVE-2017-7544
- https://ubuntu.com/security/CVE-2019-9278
- https://launchpad.net/ubuntu/+source/libexif/0.6.21-5.1ubuntu0.1
- https://launchpad.net/ubuntu/+source/libexif/0.6.21-4ubuntu0.1
- https://launchpad.net/ubuntu/+source/libexif/0.6.21-2ubuntu0.1
- https://launchpad.net/ubuntu/+source/libexif/0.6.20-2ubuntu0.2
- https://ubuntu.com/security/notices/USN-4277-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-4277-1?
The severity of USN-4277-1 is medium.
How does libexif vulnerabilities (USN-4277-1) impact Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, and Ubuntu 16.04 LTS?
The libexif vulnerabilities in USN-4277-1 could allow an attacker to access sensitive information or cause a denial of service in Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, and Ubuntu 16.04 LTS.
How can I fix the libexif vulnerabilities (USN-4277-1) on Ubuntu 19.10?
To fix the libexif vulnerabilities (USN-4277-1) on Ubuntu 19.10, update the 'libexif12' package to version 0.6.21-5.1ubuntu0.1 or later.
What is the remedy for libexif vulnerabilities (USN-4277-1) on Ubuntu 18.04?
The remedy for libexif vulnerabilities (USN-4277-1) on Ubuntu 18.04 is to update the 'libexif12' package to version 0.6.21-4ubuntu0.1 or later.
What is the affected software version of libexif vulnerabilities (USN-4277-1) on Ubuntu 12.04?
The affected software version of libexif vulnerabilities (USN-4277-1) on Ubuntu 12.04 is version 0.6.20-2ubuntu0.2 or earlier.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/19.10
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04
- version/ubuntu ubuntu/12.04