SB2020051953 - Division by zero in libexif (Alpine package)
Published: May 19, 2020
Security Bulletin ID
SB2020051953
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Division by zero (CVE-ID: CVE-2020-12767)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to division by zero error in "exif_entry_get_value" in the "exif-entry.c" file. A local user can cause a denial of service condition on the target system.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=5dea23e076ed7123339473f529d74d8a9362e7c6
- https://git.alpinelinux.org/aports/commit/?id=726529dabef044127d02831c4b26fa6c6fc9d5f5
- https://git.alpinelinux.org/aports/commit/?id=7d1a8137daa5c1f5312ad957dc1857027b8999df
- https://git.alpinelinux.org/aports/commit/?id=9959b863135bbaa1251dbddfa038c9256e155702
- https://git.alpinelinux.org/aports/commit/?id=cc9c8ab403cd5dfa204be58c326dd98d0702d70c