
CVE-2020-0452

Published: 10/11/2020 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0
Android ID: A-159625731

Vulnerable Product

google android 8.0

google android 8.1

google android 9.0

google android 10.0

google android 11.0

fedoraproject fedora 32

fedoraproject fedora 33

Vendor Advisories

It was discovered that a boundary check in libexif, a library to parse EXIF files, could be optimised away by the compiler, resulting in a potential buffer overflow. For the stable distribution (buster), this problem has been fixed in version 0.6.21-5.1+deb10u5. We recommend that you upgrade your libexif packages. For the detailed security status o ...
Synopsis: Important: libexif security update. Type/Severity: Security Advisory: Important. Topic: An update for libexif is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Important: libexif security update. Type/Severity: Security Advisory: Important. Topic: An update for libexif is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Important: libexif security update. Type/Severity: Security Advisory: Important. Topic: An update for libexif is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis: Important: libexif security update. Type/Severity: Security Advisory: Important. Topic: An update for libexif is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili ...
Synopsis: Important: libexif security update. Type/Severity: Security Advisory: Important. Topic: An update for libexif is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
A flaw was found in libexif. A possible out of bounds write, due to an integer overflow, could lead to a remote code execution if a third party app used this library to process remote image data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2020-0452) ...
In libexif before version 0.6.23, in exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation ...