Описание
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731
A flaw was found in libexif. A possible out of bounds write, due ot an integer overflow, could lead to a remote code execution if a third party app used this library to process remote image data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libexif | Out of support scope | ||
| Red Hat Enterprise Linux 6 | libexif | Out of support scope | ||
| Red Hat Enterprise Linux 7 | libexif | Fixed | RHSA-2020:5402 | 14.12.2020 |
| Red Hat Enterprise Linux 8 | libexif | Fixed | RHSA-2020:5393 | 14.12.2020 |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | libexif | Fixed | RHSA-2020:5396 | 14.12.2020 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | libexif | Fixed | RHSA-2020:5395 | 14.12.2020 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | libexif | Fixed | RHSA-2020:5394 | 14.12.2020 |
Показывать по
Дополнительная информация
Статус:
9.8 Critical
CVSS3
Связанные уязвимости
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731
In exif_entry_get_value of exif-entry.c, there is a possible out of bo ...
9.8 Critical
CVSS3