Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-0452

Опубликовано: 10 нояб. 2020
Источник: ubuntu
Приоритет: medium
CVSS2: 7.5
CVSS3: 9.8

Описание

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731

РелизСтатусПримечание
bionic

released

0.6.21-4ubuntu0.6
devel

released

0.6.22-3
esm-infra-legacy/trusty

not-affected

0.6.21-1ubuntu1+esm6
esm-infra/bionic

not-affected

0.6.21-4ubuntu0.6
esm-infra/focal

not-affected

0.6.21-6ubuntu0.4
esm-infra/xenial

not-affected

0.6.21-2ubuntu0.6
focal

released

0.6.21-6ubuntu0.4
groovy

released

0.6.22-2ubuntu0.1
precise/esm

not-affected

0.6.20-2ubuntu0.7
trusty

ignored

end of standard support

Показывать по

Ссылки на источники

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-0452

CVSS3: 9.8
redhat
больше 4 лет назад

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731

nvd логотип

CVE-2020-0452

CVSS3: 9.8
nvd
больше 4 лет назад

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731

debian логотип

CVE-2020-0452

CVSS3: 9.8
debian
больше 4 лет назад

In exif_entry_get_value of exif-entry.c, there is a possible out of bo ...

rocky логотип

RLSA-2020:5393

rocky
больше 4 лет назад

Important: libexif security update

github логотип

GHSA-xrf9-3q75-637f

CVSS3: 9.8
github
около 3 лет назад

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731

7.5 High

CVSS2

9.8 Critical

CVSS3