libexif: Multiple vulnerabilities (CVE-2018-20030, CVE-2020-12767)
CVE-2018-20030: Input validation issue resulting in a denial of service
An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-20030
Patch:
https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89
CVE-2020-12767: divide-by-zero in exif_entry_get_value function in exif-entry.c
Exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.
References:
Patch:
https://github.com/libexif/libexif/pull/32/commits/4431cd0d67c2b17bf764fa9c253f11051ae8355a