Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2019-9278 CVE-2020-0093 CVE-2020-0182 CVE-2020-12767 CVE-2020-13113 CVE-2020-13114

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774 (CVE-2019-9278) In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132 (CVE-2020-0093) In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147140917 (CVE-2020-0182) exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. (CVE-2020-12767) An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. (CVE-2020-13113) An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. (CVE-2020-13114)

Source

ALAS2-2020-1523

Amazon Linux 2 Security Advisory: ALAS-2020-1523
Advisory Release Date: 2020-10-22 18:12 Pacific
Advisory Updated Date: 2020-10-22 22:35 Pacific

Severity: Medium

References: CVE-2019-9278 CVE-2020-0093 CVE-2020-0182 CVE-2020-12767 CVE-2020-13113 CVE-2020-13114

Issue Overview:

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774 (CVE-2019-9278)

In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132 (CVE-2020-0093)

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147140917 (CVE-2020-0182)

exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. (CVE-2020-12767)

An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. (CVE-2020-13113)

An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. (CVE-2020-13114)

Affected Packages:

libexif

Issue Correction:
Run yum update libexif to update your system.

New Packages:

aarch64:
    libexif-0.6.22-1.amzn2.aarch64
    libexif-devel-0.6.22-1.amzn2.aarch64
    libexif-doc-0.6.22-1.amzn2.aarch64
    libexif-debuginfo-0.6.22-1.amzn2.aarch64

i686:
    libexif-0.6.22-1.amzn2.i686
    libexif-devel-0.6.22-1.amzn2.i686
    libexif-doc-0.6.22-1.amzn2.i686
    libexif-debuginfo-0.6.22-1.amzn2.i686

src:
    libexif-0.6.22-1.amzn2.src

x86_64:
    libexif-0.6.22-1.amzn2.x86_64
    libexif-devel-0.6.22-1.amzn2.x86_64
    libexif-doc-0.6.22-1.amzn2.x86_64
    libexif-debuginfo-0.6.22-1.amzn2.x86_64

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS2-2020-1523

ALAS2-2020-1523

Vulmon Search

About

Products

Connect