CVE-2020-0452
Description
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
14.912
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| library to parse EXIF files (USN-4624-1) libexif12_0.6.21-2ubuntu0.6_i386.deb | Linux |
| library to parse EXIF files (USN-4624-1) libexif12_0.6.21-2ubuntu0.6_amd64.deb | Linux |
| library to parse EXIF files (USN-4624-1) libexif12_0.6.21-4ubuntu0.6_i386.deb | Linux |
| library to parse EXIF files (USN-4624-1) libexif12_0.6.21-4ubuntu0.6_amd64.deb | Linux |
| library to parse EXIF files (USN-4624-1) libexif12_0.6.21-6ubuntu0.4_i386.deb | Linux |
| library to parse EXIF files (USN-4624-1) libexif12_0.6.21-6ubuntu0.4_amd64.deb | Linux |
| library to parse EXIF files (USN-4624-1) libexif12_0.6.22-2ubuntu0.1_i386.deb | Linux |
| library to parse EXIF files (USN-4624-1) libexif12_0.6.22-2ubuntu0.1_amd64.deb | Linux |
| (RHSA-2020:5393) libexif security update libexif-0.6.22-5.el8_3.i686.rpm | Linux |
| (RHSA-2020:5393) libexif security update libexif-0.6.22-5.el8_3.x86_64.rpm | Linux |
| (RHSA-2020:5393) libexif security update libexif-debugsource-0.6.22-5.el8_3.i686.rpm | Linux |
| (RHSA-2020:5393) libexif security update libexif-debugsource-0.6.22-5.el8_3.x86_64.rpm | Linux |
| (RHSA-2020:5402) libexif security update libexif-0.6.22-2.el7_9.i686.rpm | Linux |
| (RHSA-2020:5402) libexif security update libexif-0.6.22-2.el7_9.x86_64.rpm | Linux |
| (RHSA-2020:5402) libexif security update libexif-devel-0.6.22-2.el7_9.i686.rpm | Linux |
| (RHSA-2020:5402) libexif security update libexif-devel-0.6.22-2.el7_9.x86_64.rpm | Linux |
| (RHSA-2020:5402) libexif security update libexif-doc-0.6.22-2.el7_9.x86_64.rpm | Linux |
| Libexif update (ELSA-2020-5393) libexif-0.6.22-5.el8_3.i686.rpm | Linux |
| Libexif update (ELSA-2020-5393) libexif-0.6.22-5.el8_3.x86_64.rpm | Linux |
| Libexif-devel update (ELSA-2020-5393) libexif-devel-0.6.22-5.el8_3.i686.rpm | Linux |
| Libexif-devel update (ELSA-2020-5393) libexif-devel-0.6.22-5.el8_3.x86_64.rpm | Linux |
| Libexif update (ELSA-2020-5402) libexif-0.6.22-2.el7_9.i686.rpm | Linux |
| Libexif update (ELSA-2020-5402) libexif-0.6.22-2.el7_9.x86_64.rpm | Linux |
| Libexif-devel update (ELSA-2020-5402) libexif-devel-0.6.22-2.el7_9.i686.rpm | Linux |
| Libexif-devel update (ELSA-2020-5402) libexif-devel-0.6.22-2.el7_9.x86_64.rpm | Linux |
| Libexif-doc update (ELSA-2020-5402) libexif-doc-0.6.22-2.el7_9.x86_64.rpm | Linux |
| (CESA-2020:5402) libexif security update libexif-0.6.22-2.el7_9.i686.rpm | Linux |
| (CESA-2020:5402) libexif security update libexif-devel-0.6.22-2.el7_9.i686.rpm | Linux |
| (CESA-2020:5402) libexif security update libexif-0.6.22-2.el7_9.x86_64.rpm | Linux |
| (CESA-2020:5402) libexif security update libexif-devel-0.6.22-2.el7_9.x86_64.rpm | Linux |
| (CESA-2020:5402) libexif security update libexif-doc-0.6.22-2.el7_9.x86_64.rpm | Linux |
| SUSE-SU-2022:1168-1(SUSE Linux Enterprise Server 12-SP5 ) libexif-debugsource-0.6.22-8.13.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1168-1(SUSE Linux Enterprise Server 12-SP5 ) libexif12-0.6.22-8.13.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1168-1(SUSE Linux Enterprise Server 12-SP5 ) libexif12-32bit-0.6.22-8.13.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1168-1(SUSE Linux Enterprise Server 12-SP5 ) libexif12-debuginfo-0.6.22-8.13.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1168-1(SUSE Linux Enterprise Server 12-SP5 ) libexif12-debuginfo-32bit-0.6.22-8.13.1.x86_64.rpm | Linux |
| (RHSA-2020:5393)Important: security update libexif-debuginfo-0.6.22-5.el8_3.i686.rpm | Linux |
| (RHSA-2020:5393)Important: security update libexif-debuginfo-0.6.22-5.el8_3.x86_64.rpm | Linux |
| (RHSA-2020:5402)Important: security update libexif-debuginfo-0.6.22-2.el7_9.i686.rpm | Linux |
| (RHSA-2020:5402)Important: security update libexif-debuginfo-0.6.22-2.el7_9.x86_64.rpm | Linux |
| libexif security update (RLSA-2020:5393) libexif-0.6.22-5.el8_3.i686.rpm | Linux |
| libexif security update (RLSA-2020:5393) libexif-0.6.22-5.el8_3.x86_64.rpm | Linux |
| libexif Security Update (ALAS-2021-1580) libexif-0.6.22-2.amzn2.i686.rpm | Linux |
| libexif Security Update (ALAS-2021-1580) libexif-0.6.22-2.amzn2.x86_64.rpm | Linux |
| libexif Security Update (ALAS-2021-1580) libexif-doc-0.6.22-2.amzn2.x86_64.rpm | Linux |
| libexif Security Update (ALAS-2021-1580) libexif-devel-0.6.22-2.amzn2.x86_64.rpm | Linux |
| Important: libexif security update libexif-0.6.22-5.el8_3.i686.rpm | Linux |
| Important: libexif security update libexif-0.6.22-5.el8_3.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234