Need confirmation for potential OOB vulnerability

Question

Need confirmation for potential OOB vulnerability

Opened this issue 9 months ago · 1 comments

Crispy-fried-chicken commented 9 months ago

Hi,
Our tool have found that this repo reuse some of the libexif code and may cause a vulnerability. Several buffer over-reads in EXIF MakerNote handling could have lead to information disclosure and crashes. It shares a similarity to the CVE-2020-13112 and the fix is libexif/libexif@435e21f. Would you can help to check if this bug is true? If it's true, maybe you can fix it by the patch I mentioned before, or I'd like to open a PR for that if necessary. Thank you for your effort and patience!

Answer 1 · 2024-02-14T14:59:28.000Z

First of all, thank you very much for your interest.

Unfortunately this project is being archived and will not be maintained. It will still be kept public for reference purposes. The Qemu version has not been updated in some time and is therefore subject to any bugs or vulnerabilities discovered since then.