{"id":"USN-4277-1","summary":"libexif vulnerabilities","details":"Liu Bingchang discovered that libexif incorrectly handled certain files.\nAn attacker could possibly use this issue to access sensitive information or\ncause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and\nUbuntu 16.04 LTS. (CVE-2016-6328)\n\nLili Xu and Bingchang Liu discovered that libexif incorrectly handled certain files.\nAn attacker could possibly use this issue to access sensitive information or cause\na denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and\nUbuntu 16.04 LTS. (CVE-2017-7544)\n\nIt was discovered that libexif incorrectly handled certain files. An attacker could\npossibly use this issue to execute arbitrary code. (CVE-2019-9278)\n","modified":"2026-04-22T10:09:29.540480Z","published":"2020-02-11T16:48:04Z","related":["UBUNTU-CVE-2016-6328","UBUNTU-CVE-2017-7544","UBUNTU-CVE-2019-9278"],"upstream":["CVE-2016-6328","CVE-2017-7544","CVE-2019-9278","UBUNTU-CVE-2016-6328","UBUNTU-CVE-2017-7544","UBUNTU-CVE-2019-9278"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4277-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-6328"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-7544"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-9278"}],"affected":[{"package":{"name":"libexif","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/libexif@0.6.21-1ubuntu1+esm1?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.21-1ubuntu1+esm1"}]}],"versions":["0.6.21-1","0.6.21-1ubuntu1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_name":"libexif12","binary_version":"0.6.21-1ubuntu1+esm1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:14.04:LTS","cves":[{"id":"CVE-2016-6328","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-7544","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-9278","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4277-1.json"}},{"package":{"name":"libexif","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/libexif@0.6.21-2ubuntu0.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.21-2ubuntu0.1"}]}],"versions":["0.6.21-2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"libexif12","binary_version":"0.6.21-2ubuntu0.1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"id":"CVE-2016-6328","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-7544","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-9278","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4277-1.json"}},{"package":{"name":"libexif","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/libexif@0.6.21-4ubuntu0.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.21-4ubuntu0.1"}]}],"versions":["0.6.21-2.1","0.6.21-4"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"libexif12","binary_version":"0.6.21-4ubuntu0.1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"id":"CVE-2019-9278","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4277-1.json"}}],"schema_version":"1.7.5"}