CVE-2020-0198

Severity Low
Remote Yes
Type Denial of service
Description
In libexif before version 0.6.23, in exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
Group     Package  Affected  Fixed     Severity  Status  Ticket
AVG-2376  libexif  0.6.22-1  0.6.23-1  Medium    Fixed
References
https://source.android.com/security/bulletin/pixel/2020-06-01
https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/
https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c