Please confirm whether CVE-2020-0452 affects CAPM.
[OS (Linux) and version of CAPM currently in operation]
"Red Hat Enterprise Linux" 7.4 * AWS
[Vulnerability information]
Fixed version:
CVE: CVE-2020-0452
CWE: CWE-190 (integer overflow)
CVSSv3 base value: 9.8
CVSSv3 Parameters: AV: N / AC: L / PR: N / UI: N / S: U / C: H / I: H / A: H
CVSSv2 base value:
CVSSv2 parameters:
Urgency assessment: The vulnerability may be exploitable by a remote third party.
Conditions for successful attack: libexif (a library for parsing, editing and saving EXIF data), shipped in Red Hat Enterprise Linux and other distributions, contains an integer overflow vulnerability.
Impact of successful attack: May affect the confidentiality, integrity and availability of the system.
Countermeasures / Workaround: The vendor has published an official fix. Apply it by referring to the vendor information.
Information source:
--https://access.redhat.com/errata/RHSA-2020:5393
--https://access.redhat.com/errata/RHSA-2020:5394
--https://access.redhat.com/errata/RHSA-2020:5395
--https://access.redhat.com/errata/RHSA-2020:5396
--https://access.redhat.com/errata/RHSA-2020:5402
--https://access.redhat.com/security/cve/CVE-2020-0452
Release : 3.7.x
Release : 20.x
Component : IM Reporting / Admin / Configuration
This is an OS-level library, and it is remediated by the OS vendor:
https://access.redhat.com/errata/RHSA-2020:5402
There are no known issues in CAPM with updating this library.
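The following script is an added example, not part of the original KB article or of CAPM. It checks whether the libexif package installed on a RHEL 7 host already carries the fix for CVE-2020-0452 by searching the RPM changelog for the CVE id (Red Hat errata builds normally reference the CVE there), and prints the yum command that applies the erratum if it does not. The sample changelog text used in the test is constructed; the function names and the exact wording of the changelog entry are assumptions.

```shell
#!/bin/sh
# Added example (not CAPM or Red Hat code): verify that the libexif fix for
# CVE-2020-0452 (RHSA-2020:5402) is installed on a RHEL 7 system.

# Returns 0 if the changelog text read from stdin mentions the given CVE id,
# 1 otherwise. Kept separate from rpm so it can be exercised on any host.
changelog_mentions_cve() {
    cve="$1"
    grep -q -i -- "$cve"
}

# Returns 0 if the installed libexif changelog references the CVE,
# 1 if the package is installed but the CVE is absent (fix not applied),
# 2 if rpm is unavailable or libexif is not installed.
libexif_has_fix() {
    cve="${1:-CVE-2020-0452}"
    command -v rpm >/dev/null 2>&1 || return 2
    rpm -q libexif >/dev/null 2>&1 || return 2
    rpm -q --changelog libexif | changelog_mentions_cve "$cve"
}

# Prints a one-line verdict and the remediation command; the return code
# is the same as libexif_has_fix so it can drive a larger compliance script.
report_libexif_fix() {
    rc=0
    libexif_has_fix CVE-2020-0452 || rc=$?
    case $rc in
        0) echo "libexif: changelog references CVE-2020-0452 (RHSA-2020:5402 applied)" ;;
        1) echo "libexif: CVE-2020-0452 not in changelog; apply with: yum update --advisory RHSA-2020:5402" ;;
        *) echo "libexif: rpm not available or package not installed" ;;
    esac
    return $rc
}

# Top-level call so the script can be run directly with: sh check_libexif.sh
report_libexif_fix || true
```

`yum updateinfo info RHSA-2020:5402` shows the erratum text and the package versions it ships, and `yum update --advisory RHSA-2020:5402` applies just that erratum; both rely on the host having access to the Red Hat repositories (or a mirror) that carry the advisory metadata. Restart any CAPM process that has the old libexif mapped, or reboot, so the patched library is actually loaded.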