[3.6] libexif: Out-of-bounds heap read in exif_data_save_data_entry function (CVE-2017-7544)
One heap-based out-of-bounds read vulnerabiltiy exists in
libexif-0.6.21. When saving the data of an entry tagged with
“EXIF_TAG_MAKER_NOTE” to
a buffer and copying the data of the exif entry, there is a mismatch
between the computed read size of the entry data and the size of the
allocated entry data.
The vulnerability can cause Denial-of-Service, even Information
Disclosure (disclosing some critical heap chunk metadata, even other
applications’ private data).
References:
https://sourceforge.net/p/libexif/bugs/130/
https://nvd.nist.gov/vuln/detail/CVE-2017-7544
(from redmine: issue id 9524, created on 2018-10-08, closed on 2018-10-09)
- Relations:
- parent #9520 (closed)
- Changesets:
- Revision 40b6f3c4 on 2018-10-08T13:51:08Z:
main/libexif: security fix (CVE-2017-7544)
Fixes #9524