Please confirm if CVE-2020-0452 affects CAPM.
[OS (Linux) and version of CAPM currently in operation]
"Red Hat Enterprise Linux" 7.4 * AWS
CWE: CWE-190 (integer overflow)
CVSSv3 base value: 9.8
CVSSv3 Parameters: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSSv2 base value:
Urgent judgment material: There is a possibility of an attack from a remote third party.
Conditions for successful attack: libexif (a library for parsing / editing / saving EXIF data) included in Red Hat Enterprise Linux etc. contains an integer overflow vulnerability.
Impact of successful attack: May affect system confidentiality / integrity / availability.
Countermeasures / Workaround: Formal countermeasures have been published by the vendor. Take appropriate measures by referring to the vendor information.
Release : 3.7.x
Release : 20.x
Component : IM Reporting / Admin / Configuration
This is an OS level library, and it is remediated by the OS vendor:
There are no known issues in CAPM with updating this library.
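One way to check on the CAPM host whether the installed libexif package already carries the vendor fix is shown below. It is an added example, not part of the original article or vendor tooling. It assumes an RPM-based host, that the package is named `libexif`, and that the vendor's package changelog names the CVE id when a fix is backported; the function names and the sample changelog are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an installed RPM against a CVE by its changelog.
# Backported fixes keep the upstream version number, so the version string
# alone does not show whether a fix is present.

# Constructed sample changelog text (not real vendor output).
SAMPLE_CHANGELOG='* Mon Jan 01 2024 Constructed Packager <pkg@example.invalid> - 0.0.0-1
- Fix CVE-2020-0452 (constructed sample entry)
* Sun Jan 01 2023 Constructed Packager <pkg@example.invalid> - 0.0.0-0
- Initial build'

# Read changelog text on stdin; return 0 if it names the CVE id in $1,
# 1 if it does not, 2 if $1 is not a well-formed CVE id.
changelog_mentions_cve() {
    printf '%s\n' "$1" | grep -Eq '^CVE-[0-9]{4}-[0-9]{4,}$' || return 2
    # The trailing group stops CVE-2020-0452 from matching CVE-2020-04521.
    grep -Eqi "$1([^0-9]|\$)"
}

# Print one status word for package $1 and CVE id $2:
#   no-rpm          rpm is not available on this host
#   not-installed   the package is absent, nothing to update
#   fix-listed      the installed build's changelog names the CVE
#   fix-not-listed  no changelog entry for the CVE; update via the OS vendor
pkg_cve_status() {
    pkg=$1
    cve=$2
    if ! command -v rpm >/dev/null 2>&1; then
        echo no-rpm
    elif ! rpm -q "$pkg" >/dev/null 2>&1; then
        echo not-installed
    elif rpm -q --changelog "$pkg" | changelog_mentions_cve "$cve"; then
        echo fix-listed
    else
        echo fix-not-listed
    fi
}

# Usage on the host: pkg_cve_status libexif CVE-2020-0452
```

A `fix-not-listed` result means the library should be updated through the OS vendor's normal package update channel.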