Unrated severityNVD Advisory· Published May 21, 2020· Updated Aug 4, 2024
CVE-2020-13114
CVE-2020-13114
Description
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
27- libexif/libexifdescription
- Range: <0.6.22
- osv-coords25 versionspkg:rpm/opensuse/libexif&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/libexif&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libexif&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/libexif&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libexif&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/libexif&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/libexif&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
< 0.6.22-lp151.4.6.1+ 24 more
- (no CPE)range: < 0.6.22-lp151.4.6.1
- (no CPE)range: < 0.6.23-1.2
- (no CPE)range: < 0.6.22-8.9.1
- (no CPE)range: < 0.6.22-8.9.1
- (no CPE)range: < 0.6.22-5.6.1
- (no CPE)range: < 0.6.22-5.6.1
- (no CPE)range: < 0.6.22-5.6.1
- (no CPE)range: < 0.6.22-5.6.1
- (no CPE)range: < 0.6.22-8.9.1
- (no CPE)range: < 0.6.22-8.9.1
- (no CPE)range: < 0.6.22-8.9.1
- (no CPE)range: < 0.6.22-8.9.1
- (no CPE)range: < 0.6.22-8.9.1
- (no CPE)range: < 0.6.22-8.9.1
- (no CPE)range: < 0.6.22-8.9.1
- (no CPE)range: < 0.6.22-8.9.1
- (no CPE)range: < 0.6.22-8.9.1
- (no CPE)range: < 0.6.22-8.9.1
- (no CPE)range: < 0.6.22-8.9.1
- (no CPE)range: < 0.6.22-8.9.1
- (no CPE)range: < 0.6.22-8.9.1
- (no CPE)range: < 0.6.22-8.9.1
- (no CPE)range: < 0.6.22-8.9.1
- (no CPE)range: < 0.6.22-8.9.1
- (no CPE)range: < 0.6.22-8.9.1
Patches
Vulnerability mechanics
References
5- lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.htmlmitrevendor-advisoryx_refsource_SUSE
- security.gentoo.org/glsa/202007-05mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/4396-1/mitrevendor-advisoryx_refsource_UBUNTU
- github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9babmitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2020/05/msg00025.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.