{"id":"MGASA-2018-0051","summary":"Updated libexif packages fix security vulnerability","details":"A vulnerability was found in libexif. The vulnerability is caused by an\ninteger overflow. In some cases, the integer overflow can cause Heap\nOut-of-Bounds Read, i.e. Heap Buffer Overflow vulnerability. In some other\ncases, the integer overflow can cause use of uninitialized pointer variable,\ni.e. Use of Uninitialized Variable Vulnerability. The vulnerability happens\nwhen parsing MNOTE entry data of the input file. The vulnerability can cause\nDenial-of-Service (DoS) and Information Disclosure (disclosing some critical\nheap chunk metadata, even other applications’ private data) (CVE-2016-6328).\n","modified":"2026-04-16T01:46:29.900213311Z","published":"2018-01-03T15:50:51Z","upstream":["CVE-2016-6328"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0051.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22277"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JIGG5FKK6ZHUBJDSP7RIETVHWRZBTPRO/"}],"affected":[{"package":{"name":"libexif","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libexif?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.21-8.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0051.json"}},{"package":{"name":"libexif","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/libexif?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.21-9.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0051.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}