Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2020-0452 - log back

CVE-2020-0452 edited at 12 Sep 2021 21:29:16

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Arbitrary code execution

Description

+

In libexif before version 0.6.23, in exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.

References

+	https://source.android.com/security/bulletin/2020-11-01
+	https://android.googlesource.com/platform/external/libexif/+/8e7345f3bc0bad06ac369d6cbc1124c8ceaf7d4b%5E%21/
+	https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06

Notes

CVE-2020-0452 created at 12 Sep 2021 21:24:34