CVE-2020-0093 — Out-of-bounds Read in Google Android
Severity
9.1CRITICALNVD
NVD5.0CNA5.0OSV5.0
EPSS
0.2%
top 60.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 14
Latest updateMay 24
Description
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 1.3 | Impact: 3.6
Affected Packages6 packages
Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.10, 20.04
Patches
🔴Vulnerability Details
7📋Vendor Advisories
6Red Hat▶
libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS↗2020-05-16
Red Hat▶
libexif: out of bounds read due to a missing bounds check in exif_data_save_data_entry function in exif-data.c↗2020-05-04
Android▶
CVE-2020-0093: Android Security Bulletin 2020-05-01
CVE: CVE-2020-0093
Severity: HIGH
Type: ID
Affected AOSP versions: 8↗2020-05-01
Debian▶
CVE-2020-0093: libexif - In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds r...↗2020
💬Community
3Bugzilla▶
CVE-2020-0093 libexif: out of bounds read due to a missing bounds check in exif_data_save_data_entry function in exif-data.c↗2020-06-30
Bugzilla▶
CVE-2020-0093 libexif: out of bounds read due to a missing bounds check in exif_data_save_data_entry function in exif-data.c [fedora-all]↗2020-06-30
Bugzilla▶
CVE-2020-13112 libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS↗2020-05-26