advisories/25674.adv

type: security
subject: Updated libexif packages fix security vulnerability
CVE:
 - CVE-2019-9278
src:
  7:
   core:
     - libexif-0.6.21-14.1.mga7
description: |
  The updated packages fix a security vulnerability:

  In libexif, there is a possible out of bounds write due to an integer
  overflow. This could lead to remote escalation of privilege in the media
  content provider with no additional execution privileges needed. User
  interaction is needed for exploitation. (CVE-2019-9278)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=25674
 - https://www.openwall.com/lists/oss-security/2019/11/07/1
ID: MGASA-2019-0331
1	type: security
2	subject: Updated libexif packages fix security vulnerability
3	CVE:
4	- CVE-2019-9278
5	src:
6	7:
7	core:
8	- libexif-0.6.21-14.1.mga7
9	description: \|
10	The updated packages fix a security vulnerability:
11
12	In libexif, there is a possible out of bounds write due to an integer
13	overflow. This could lead to remote escalation of privilege in the media
14	content provider with no additional execution privileges needed. User
15	interaction is needed for exploitation. (CVE-2019-9278)
16	references:
17	- https://bugs.mageia.org/show_bug.cgi?id=25674
18	- https://www.openwall.com/lists/oss-security/2019/11/07/1
19	ID: MGASA-2019-0331