First published: Wed May 13 2020(Updated: )
It was discovered that libexif incorrectly handled certain tags. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-20030) It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. (CVE-2020-12767)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/libexif12 | <0.6.21-6ubuntu0.1 | 0.6.21-6ubuntu0.1 |
=20.04 | ||
All of | ||
ubuntu/libexif12 | <0.6.21-5.1ubuntu0.2 | 0.6.21-5.1ubuntu0.2 |
=19.10 | ||
All of | ||
ubuntu/libexif12 | <0.6.21-4ubuntu0.2 | 0.6.21-4ubuntu0.2 |
=18.04 | ||
All of | ||
ubuntu/libexif12 | <0.6.21-2ubuntu0.2 | 0.6.21-2ubuntu0.2 |
=16.04 | ||
All of | ||
ubuntu/libexif12 | <0.6.21-1ubuntu1+esm2 | 0.6.21-1ubuntu1+esm2 |
=14.04 | ||
All of | ||
ubuntu/libexif12 | <0.6.20-2ubuntu0.3 | 0.6.20-2ubuntu0.3 |
=12.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of USN-4358-1 is medium.
The vulnerability ID for libexif is CVE-2018-20030 and CVE-2020-12767.
An attacker can exploit libexif vulnerabilities to cause a denial of service or crash.
Versions 20.04, 19.10, 18.04, 16.04, 14.04, and 12.04 of Ubuntu are affected by libexif vulnerabilities.
To fix libexif vulnerabilities, update the libexif package to version 0.6.21-6ubuntu0.1 (for Ubuntu 20.04), 0.6.21-5.1ubuntu0.2 (for Ubuntu 19.10), 0.6.21-4ubuntu0.2 (for Ubuntu 18.04), 0.6.21-2ubuntu0.2 (for Ubuntu 16.04), 0.6.21-1ubuntu1+esm2 (for Ubuntu 14.04), or 0.6.20-2ubuntu0.3 (for Ubuntu 12.04).