Advisories » MGASA-2019-0331

Updated libexif packages fix security vulnerability

Publication date: 19 Nov 2019
Modification date: 19 Nov 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-9278

Description

The updated packages fix a security vulnerability:

In libexif, there is a possible out of bounds write due to an integer
overflow. This could lead to remote escalation of privilege in the media
content provider with no additional execution privileges needed. User
interaction is needed for exploitation. (CVE-2019-9278)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25674
• https://www.openwall.com/lists/oss-security/2019/11/07/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278

SRPMS

7/core

• libexif-0.6.21-14.1.mga7