CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0181 – libexif: integer overflow in exif_data_load_data_thumbnail function in exif-data.c
https://notcve.org/view.php?id=CVE-2020-0181
In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076 En la función la función exif_data_load_data_thumbnail del archivo exif-data.c, se presenta una posible denegación de servicio debido a un desbordamiento de enteros. Esto podría conllevar a una denegación de servicio remota sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELDZR6USD5PR34MRK2ZISLCYJ465FNKN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVBD5JRUQPN4LQHTAAJHA3MR5M7YTAC7 https://security.gentoo.org/glsa/202011-19 https://source.android.com/security/bulletin/pixel/2020-06-01 https://access.redhat.com/security/cve/CVE-2020-0181 https://bugzilla.redhat.com/show_bug.cgi?id=1847131 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 13%CPEs: 11EXPL: 0CVE-2020-0198 – libexif: integer overflow in exif_data_load_data_content function in exif-data.c
https://notcve.org/view.php?id=CVE-2020-0198
In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941 En la función exif_data_load_data_content del archivo exif-data.c, se presenta un posible aborto de UBSAN debido a un desbordamiento de enteros. Esto podría conllevar a una denegación de servicio remota sin ser necesarios privilegios de ejecución adicionales. Es requerida una interacción del usuario para su explotación. • https://lists.debian.org/debian-lts-announce/2020/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELDZR6USD5PR34MRK2ZISLCYJ465FNKN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVBD5JRUQPN4LQHTAAJHA3MR5M7YTAC7 https://security.gentoo.org/glsa/202011-19 https://source.android.com/security/bulletin/pixel/2020-06-01 https://usn.ubuntu.com/4396-1 https://access.redhat.com/security/cve/CVE-2020-0198 https:/ • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 8.2EPSS: 0%CPEs: 9EXPL: 0CVE-2020-13113 – libexif: use of uninitialized memory in EXIF Makernote handling can lead to crashes and use-after-free
https://notcve.org/view.php?id=CVE-2020-13113
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. Se descubrió un problema en libexif versiones anteriores a la versión 0.6.22. Un uso de la memoria no inicializada en el manejo de EXIF Makemote podría conllevar a bloqueos y condiciones potenciales de uso de la memoria previamente liberada. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html https://security.gentoo.org/glsa/202007-05 https://usn.ubuntu.com/4396-1 https://access.redhat.com/security/cve/CVE-2020-13113 https://bugzilla.redhat.com/show_bug.cgi?id=1840347 • CWE-822: Untrusted Pointer Dereference CWE-908: Use of Uninitialized Resource •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0CVE-2020-13112 – libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS
https://notcve.org/view.php?id=CVE-2020-13112
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. Se descubrió un problema en libexif versiones anteriores a la versión 0.6.22. Varias lecturas excesivas de buffer en el manejo de EXIF MakerNote podrían conllevar a una divulgación de información y a bloqueos. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1 https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html https://security.gentoo.org/glsa/202007-05 https://usn.ubuntu.com/4396-1 https://access.redhat.com/security/cve/CVE-2020-13112 https://bugzilla.redhat.com/show_bug.cgi?id=1840344 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-13114 – libexif: unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time
https://notcve.org/view.php?id=CVE-2020-13114
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. Se descubrió un problema en el libexif versiones anteriores a la versión 0.6.22. Un tamaño sin restricciones en el manejo de los datos de Canon EXIF MakerNote podría conllevar al consumo de grandes cantidades de tiempo de cálculo para la decodificación de datos EXIF. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html https://security.gentoo.org/glsa/202007-05 https://usn.ubuntu.com/4396-1 https://access.redhat.com/security/cve/CVE-2020-13114 https://bugzilla.redhat.com/show_bug.cgi?id=1840350 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •