Dan Fandrich

5 exploits Active since Apr 2017
CVE-2017-7407 WRITEUP LOW WRITEUP
curl 7.53.1 - Heap-Based Buffer Over-Read via --write-out Argument
The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.
CVSS 2.4
CVE-2018-20030 WRITEUP HIGH WRITEUP
libexif 0.6.21 - Denial of Service via EXIF Tag Processing
An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.
CVSS 7.5
CVE-2020-13112 WRITEUP CRITICAL WRITEUP
libexif < 0.6.22 - Out-of-bounds Read in EXIF MakerNote Handling
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.
CVSS 9.1
CVE-2020-13113 WRITEUP HIGH WRITEUP
libexif <0.6.22 - Memory Corruption
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.
CVSS 8.2
CVE-2020-13114 WRITEUP HIGH WRITEUP
libexif < 0.6.22 - Denial of Service via Canon EXIF MakerNote Data
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.
CVSS 7.5