Information Disclosure

libexif is vulnerable to information disclosure.Attacker get the information through an out of bounds read due to a missing bounds check in exifdatasavedataentry function in exif-data.c...

libexif: out of bounds read due to a missing bounds check in exif_data_save_data_entry function in exif-data.c

In exifdatasavedataentry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0...

CVE-2020-0198

In exifdataloaddatacontent of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-14642894...

Integer overflow

In exifdataloaddatacontent of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-14642894...

CVE-2020-0198

The CVE-2020-0198 entry concerns the libexif library used on Android-10. The issue is in exif_data_load_data_content of exif-data.c, where an integer overflow can trigger a UBSAN abort, potentially enabling remote denial of service with no additional execution privileges. Exploitation requires us...

Integer Overflow

libexif.so is vulnerable to integer overflow. It is possible because it does not properly perform the overflowing calculations in exif-data.c when the offset is larger than UINTMAX-2...

CVE-2020-0093

In exifdatasavedataentry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0...

CVE-2020-0093

CVE-2020-0093 is a libexif vulnerability affecting Android 8.x–10, where a missing bounds check in exif_data_save_data_entry can cause an out-of-bounds read, leading to local information disclosure. The issue arises from an insufficient bounds check in exif-data.c; exploit requires user interacti...

libexif Denial of Service Vulnerability

libexif is a library of functions written in C to read and write EXIF meta-information from graphics files. A security vulnerability in the 'exifdatasavedataentry' function in the libexif/exif-data.c file in libexif version 0.6.21 and earlier stems from the program failing to correctly calculate...

CVE-2007-2645

Integer overflow in the exifdataloaddataentry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted EXIF data, involving the 1 doff or 2 s variable...