CVE-2020-0452 - log

CVE-2020-0452 edited at 12 Sep 2021 21:29:16
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ In libexif before version 0.6.23, in exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.
References
+ https://source.android.com/security/bulletin/2020-11-01
+ https://android.googlesource.com/platform/external/libexif/+/8e7345f3bc0bad06ac369d6cbc1124c8ceaf7d4b%5E%21/
+ https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06
Notes
CVE-2020-0452 created at 12 Sep 2021 21:24:34