Описание
exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 1:3.00-4 |
| cosmic | not-affected | 1:3.00-4 |
| devel | not-affected | 1:3.00-4 |
| esm-apps/bionic | not-affected | 1:3.00-4 |
| esm-apps/xenial | released | 1:3.00-4+deb9u1build0.16.04.1 |
| esm-infra-legacy/trusty | released | 1:2.97-1+deb8u1build0.14.04.1 |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needs-triage |
| trusty | released | 1:2.97-1+deb8u1build0.14.04.1 |
Показывать по
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3
Связанные уязвимости
exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315.
exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4 ...
exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315.
Уязвимость операционной системы Android, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3