This repository has been archived by the owner on Feb 21, 2024. It is now read-only.

Need confirmation for potential OOB vulnerability #126

Open
Crispy-fried-chicken opened this issue Feb 4, 2024 · 1 comment

@Crispy-fried-chicken

Hi,
Our tool has found that this repo reuses some of the libexif code and may cause a vulnerability. Several buffer over-reads in EXIF MakerNote handling could have led to information disclosure and crashes. It shares a similarity with CVE-2020-13112, and the fix is libexif/libexif@435e21f. Could you help to check if this bug is true? If it's true, maybe you can fix it with the patch I mentioned before, or I'd like to open a PR for that if necessary. Thank you for your effort and patience!

@xabiugarte
Contributor

First of all, thank you very much for your interest.

Unfortunately this project is being archived and will not be maintained. It will still be kept public for reference purposes. The Qemu version has not been updated in some time and is therefore subject to any bugs or vulnerabilities discovered since then.
