Updated libexif packages fix security vulnerabilityPublication date: 03 Jan 2018
Affected Mageia releases : 5 , 6
A vulnerability was found in libexif. The vulnerability is caused by an integer overflow. In some cases, the integer overflow can cause Heap Out-of-Bounds Read, i.e. Heap Buffer Overflow vulnerability. In some other cases, the integer overflow can cause use of uninitialized pointer variable, i.e. Use of Uninitialized Variable Vulnerability. The vulnerability happens when parsing MNOTE entry data of the input file. The vulnerability can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications’ private data) (CVE-2016-6328).