---

CVE-2020-0198 - log back

CVE-2020-0198 edited at 12 Sep 2021 21:28:56
References	https://source.android.com/security/bulletin/pixel/2020-06-01 - https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E! + https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/ https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c

CVE-2020-0198 edited at 12 Sep 2021 21:27:28

Description

- In libexif before version 0.6.23, In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. + In libexif before version 0.6.23, in exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2020-0198 edited at 12 Sep 2021 21:26:52
Severity	- Unknown + Low
Remote	- Unknown + Remote
Type	- Unknown + Denial of service
Description	+ In libexif before version 0.6.23, In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
References	+ https://source.android.com/security/bulletin/pixel/2020-06-01 + https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E! + https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c
Notes

CVE-2020-0198 created at 12 Sep 2021 21:24:34