CVE-2020-0198

Priority
Description
In exif_data_load_data_content of exif-data.c, there is a possible UBSAN
abort due to an integer overflow. This could lead to remote denial of
service with no additional execution privileges needed. User interaction is
needed for exploitation. Product: Android. Versions: Android-10. Android ID:
A-146428941
Assigned-to
leosilva
Notes
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): released (0.6.20-2ubuntu0.6)
Ubuntu 14.04 ESM (Trusty Tahr): released (0.6.21-1ubuntu1+esm5)
Ubuntu 16.04 LTS (Xenial Xerus): released (0.6.21-2ubuntu0.5)
Ubuntu 18.04 LTS (Bionic Beaver): released (0.6.21-4ubuntu0.5)
Ubuntu 19.10 (Eoan Ermine): released (0.6.21-5.1ubuntu0.5)
Ubuntu 20.04 LTS (Focal Fossa): released (0.6.21-6ubuntu0.3)
Ubuntu 20.10 (Groovy Gorilla): not-affected (0.6.22-2)
Patches:
Upstream: https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0
Upstream: https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c
More Information

Updated: 2020-06-24 19:16:47 UTC (commit cb4804861a8290f6e17141d3d50374ee078e6c08)