Vulnerability Details CVE-2020-0093
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.8%
CVSS Severity
CVSS v3 Score 5.0
CVSS v2 Score 1.9
References
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html
- https://security.gentoo.org/glsa/202007-05
- https://source.android.com/security/bulletin/2020-05-01
- https://usn.ubuntu.com/4396-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html
- https://security.gentoo.org/glsa/202007-05
- https://source.android.com/security/bulletin/2020-05-01
- https://usn.ubuntu.com/4396-1/
Products affected by CVE-2020-0093
-
cpe:2.3:a:libexif_project:libexif:-
-
cpe:2.3:a:libexif_project:libexif:0.5.7
-
cpe:2.3:a:libexif_project:libexif:0.5.9
-
cpe:2.3:a:libexif_project:libexif:0.6.0
-
cpe:2.3:a:libexif_project:libexif:0.6.12
-
cpe:2.3:a:libexif_project:libexif:0.6.14
-
cpe:2.3:a:libexif_project:libexif:0.6.15
-
cpe:2.3:a:libexif_project:libexif:0.6.16
-
cpe:2.3:a:libexif_project:libexif:0.6.17
-
cpe:2.3:a:libexif_project:libexif:0.6.18
-
cpe:2.3:a:libexif_project:libexif:0.6.19
-
cpe:2.3:a:libexif_project:libexif:0.6.20
-
cpe:2.3:a:libexif_project:libexif:0.6.21
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:19.10
-
cpe:2.3:o:canonical:ubuntu_linux:20.04
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:google:android:10.0
-
cpe:2.3:o:google:android:8.0
-
cpe:2.3:o:google:android:8.1
-
cpe:2.3:o:google:android:9.0
-
cpe:2.3:o:opensuse:leap:15.1