{"containers":{"cna":{"affected":[{"product":"libexif","vendor":"[UNKNOWN]","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2017-07-25T00:00:00.000Z","descriptions":[{"lang":"en","value":"A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data)."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L","version":"3.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-190","description":"CWE-190","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2020-07-27T00:06:17.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6328"},{"name":"USN-4277-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"https://usn.ubuntu.com/4277-1/"},{"name":"[debian-lts-announce] 20200518 [SECURITY] [DLA 2214-1] libexif security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html"},{"name":"openSUSE-SU-2020:0793","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html"},{"name":"GLSA-202007-05","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/202007-05"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T01:29:19.973Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6328"},{"name":"USN-4277-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"https://usn.ubuntu.com/4277-1/"},{"name":"[debian-lts-announce] 20200518 [SECURITY] [DLA 2214-1] libexif security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html"},{"name":"openSUSE-SU-2020:0793","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html"},{"name":"GLSA-202007-05","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/202007-05"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2016-6328","datePublished":"2018-10-31T21:00:00.000Z","dateReserved":"2016-07-26T00:00:00.000Z","dateUpdated":"2024-08-06T01:29:19.973Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}