libexif: Out-of-bounds heap read in exif_data_save_data_entry function (CVE-2017-7544)
One heap-based out-of-bounds read vulnerabiltiy exists in
libexif-0.6.21. When saving the data of an entry tagged with
a buffer and copying the data of the exif entry, there is a mismatch between the computed read size of the entry data and the size of the allocated entry data.
The vulnerability can cause Denial-of-Service, even Information Disclosure (disclosing some critical heap chunk metadata, even other applications’ private data).
(from redmine: issue id 9520, created on 2018-10-08, closed on 2018-10-09)
- child #9521
- child #9522
- child #9523
- child #9524
- child #9525