CVE-2020-0452
Summary
| CVE | CVE-2020-0452 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-11-10 13:15:00 UTC |
| Updated | 2023-11-07 03:13:00 UTC |
| Description | In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0. Android ID: A-159625731 |
Risk And Classification
Problem Types: CWE-787 | CWE-190
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 32 | All | All | All |
| Operating System | Fedoraproject | Fedora | 33 | All | All | All |
| Operating System | | Android | 10.0 | All | All | All |
| Operating System | | Android | 11.0 | All | All | All |
| Operating System | | Android | 8.0 | All | All | All |
| Operating System | | Android | 8.1 | All | All | All |
| Operating System | | Android | 9.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 32 Update: libexif-0.6.22-2.fc32 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 33 Update: libexif-0.6.22-3.fc33 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| libexif: Multiple vulnerabilities (GLSA 202011-19) — Gentoo security | GENTOO | security.gentoo.org | |
| Android Security Bulletin—November 2020 \| Android Open Source Project | MISC | source.android.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 376908 Alibaba Cloud Linux Security Update for libexif (ALINUX2-SA-2020:0191)
- 377153 Alibaba Cloud Linux Security Update for libexif (ALINUX3-SA-2021:0003)
- 501873 Alpine Linux Security Update for libexif
- 504996 Alpine Linux Security Update for libexif
- 670268 EulerOS Security Update for libexif (EulerOS-SA-2021-1809)
- 670319 EulerOS Security Update for libexif (EulerOS-SA-2021-1905)
- 670636 EulerOS Security Update for libexif (EulerOS-SA-2021-2394)
- 752027 SUSE Enterprise Linux Security Update for libexif (SUSE-SU-2022:1148-1)
- 752034 SUSE Enterprise Linux Security Update for libexif (SUSE-SU-2022:1168-1)
- 940135 AlmaLinux Security Update for libexif (ALSA-2020:5393)
- 960389 Rocky Linux Security Update for libexif (RLSA-2020:5393)