The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of libexif12: denial of service

Synthesis of the vulnerability 

An attacker can trigger a fatal error of libexif12, in order to trigger a denial of service.
Impacted software: Debian, Slackware, Ubuntu.
Severity of this computer vulnerability: 1/4.
Creation date: 14/05/2020.
Références of this announce: CVE-2020-12767, DLA-2214-1, SSA:2020-140-02, USN-4358-1, VIGILANCE-VUL-32272.

Description of the vulnerability 

An attacker can trigger a fatal error of libexif12, in order to trigger a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This cybersecurity vulnerability impacts software or systems such as Debian, Slackware, Ubuntu.

Our Vigil@nce team determined that the severity of this vulnerability is low.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this weakness alert.

Solutions for this threat 

Debian 8: new libexif packages (18/05/2020).
New packages are available:
  Debian 8: libexif 0.6.21-2+deb8u2

Slackware: new libexif packages.
New packages are available:
  Slackware 14.0: libexif 0.6.22-*-1_slack14.0
  Slackware 14.1: libexif 0.6.22-*-1_slack14.1
  Slackware 14.2: libexif 0.6.22-*-1_slack14.2

Ubuntu: new libexif12 packages.
New packages are available:
  Ubuntu 20.04 LTS: libexif12 0.6.21-6ubuntu0.1
  Ubuntu 19.10: libexif12 0.6.21-5.1ubuntu0.2
  Ubuntu 18.04 LTS: libexif12 0.6.21-4ubuntu0.2
  Ubuntu 16.04 LTS: libexif12 0.6.21-2ubuntu0.2
  Ubuntu 14.04 ESM: libexif12 0.6.21-1ubuntu1+esm2
  Ubuntu 12.04 ESM: libexif12 0.6.20-2ubuntu0.3

Wind River Linux: version 10.18.44.17.
The version 10.18.44.17 is fixed:
  https://support2.windriver.com/

Wind River Linux: version 10.19.45.8.
The version 10.19.45.8 is fixed.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides software vulnerability analysis. The technology watch team tracks security threats targeting the computer system.