In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132
The product reads data past the end, or before the beginning, of the intended buffer.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Android | 8.0 (including) | 8.0 (including) | |
Android | 8.1 (including) | 8.1 (including) | |
Android | 9.0 (including) | 9.0 (including) | |
Android | 10.0 (including) | 10.0 (including) | |
Red Hat Enterprise Linux 7 | RedHat | libexif-0:0.6.22-1.el7 | * |
Red Hat Enterprise Linux 8 | RedHat | libexif-0:0.6.22-4.el8 | * |
Libexif | Ubuntu | bionic | * |
Libexif | Ubuntu | eoan | * |
Libexif | Ubuntu | esm-infra-legacy/trusty | * |
Libexif | Ubuntu | esm-infra/bionic | * |
Libexif | Ubuntu | esm-infra/focal | * |
Libexif | Ubuntu | esm-infra/xenial | * |
Libexif | Ubuntu | focal | * |
Libexif | Ubuntu | trusty | * |
Libexif | Ubuntu | trusty/esm | * |
Libexif | Ubuntu | upstream | * |
Libexif | Ubuntu | xenial | * |
Sleuthkit | Ubuntu | bionic | * |
Sleuthkit | Ubuntu | eoan | * |
Sleuthkit | Ubuntu | focal | * |
Sleuthkit | Ubuntu | groovy | * |
Sleuthkit | Ubuntu | hirsute | * |
Sleuthkit | Ubuntu | impish | * |
Sleuthkit | Ubuntu | kinetic | * |
Sleuthkit | Ubuntu | lunar | * |
Sleuthkit | Ubuntu | mantic | * |
Sleuthkit | Ubuntu | oracular | * |
Sleuthkit | Ubuntu | trusty | * |
Sleuthkit | Ubuntu | trusty/esm | * |
Sleuthkit | Ubuntu | xenial | * |