CVE-2020-0198

Name
CVE-2020-0198
Description
In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://source.android.com/security/bulletin/pixel/2020-06-01
Mailing List https://lists.debian.org/debian-lts-announce/2020/06/msg00020.html
UBUNTU https://usn.ubuntu.com/4396-1/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVBD5JRUQPN4LQHTAAJHA3MR5M7YTAC7/
GENTOO https://security.gentoo.org/glsa/202011-19
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELDZR6USD5PR34MRK2ZISLCYJ465FNKN/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:* android == None == 10.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libexif 3.14-community 0.6.23-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
libexif 3.15-community 0.6.23-r0 Natanael Copa <ncopa@alpinelinux.org> fixed