[3.7] libexif: Out-of-bounds heap read in exif_data_save_data_entry function (CVE-2017-7544)ID: oval:org.secpod.oval:def:1801194 | Date: (C)2018-10-12 (M)2022-10-19 |
Class: PATCH | Family: unix |
One heap-based out-of-bounds read vulnerabiltiy exists in libexif-0.6.21. When saving the data of an entry tagged with EXIF_TAG_MAKER_NOTE to a buffer and copying the data of the exif entry, there is a mismatch between the computed read size of the entry data and the size of the allocated entry data. The vulnerability can cause Denial-of-Service, even Information Disclosure .
Platform: |
Alpine Linux 3.7 |