{"id":"ASB-A-159625731","details":"In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-159625731","CVE-2020-0452"],"modified":"2026-04-14T15:05:17.852631Z","published":"2020-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2020-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/libexif/+/8e7345f3bc0bad06ac369d6cbc1124c8ceaf7d4b"}],"affected":[{"package":{"name":"platform/external/libexif","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11-next:0"},{"fixed":"11-next:2020-11-01"}]}],"versions":["11-next"],"ecosystem_specific":{"types":["RCE"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/external/libexif/+/4c18b0fabf48fe4460b679805b0442d76a78bde7","digest":{"length":17208,"function_hash":"263220040067256262802011496473458430110"},"deprecated":false,"target":{"file":"libexif/exif-entry.c","function":"exif_entry_get_value"},"signature_version":"v1","signature_type":"Function","id":"ASB-A-159625731-29557f15"},{"source":"https://android.googlesource.com/platform/external/libexif/+/4c18b0fabf48fe4460b679805b0442d76a78bde7","digest":{"threshold":0.9,"line_hashes":["284322438145339945043720915456140922165","93281639976837326739273976352982873884","18325982235928269788913677721160134997","288125191916546280087425276079803197919","61811470730497895629839865950923936795","85008742746889107741124549964262222027","320703541205510993089784264294519513012","174698835426192614860996725383857514855"]},"deprecated":false,"target":{"file":"libexif/exif-entry.c"},"signature_version":"v1","signature_type":"Line","id":"ASB-A-159625731-58e1fa82"}],"severity":"High","fixes":["https://android.googlesource.com/platform/external/libexif/+/4c18b0fabf48fe4460b679805b0442d76a78bde7"],"spl":"2020-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-159625731.json"}},{"package":{"name":"platform/external/libexif","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.0:0"},{"fixed":"8.0:2020-11-01"}]}],"versions":["8.0"],"ecosystem_specific":{"types":["RCE"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/external/libexif/+/79b5fcdc0a58dd62094f09697fcc8033148c80df","digest":{"threshold":0.9,"line_hashes":["284322438145339945043720915456140922165","93281639976837326739273976352982873884","18325982235928269788913677721160134997","288125191916546280087425276079803197919","61811470730497895629839865950923936795","85008742746889107741124549964262222027","320703541205510993089784264294519513012","174698835426192614860996725383857514855"]},"deprecated":false,"target":{"file":"libexif/exif-entry.c"},"signature_version":"v1","signature_type":"Line","id":"ASB-A-159625731-8a485f31"},{"source":"https://android.googlesource.com/platform/external/libexif/+/79b5fcdc0a58dd62094f09697fcc8033148c80df","digest":{"length":17208,"function_hash":"263220040067256262802011496473458430110"},"deprecated":false,"target":{"file":"libexif/exif-entry.c","function":"exif_entry_get_value"},"signature_version":"v1","signature_type":"Function","id":"ASB-A-159625731-ecc8f716"}],"severity":"High","fixes":["https://android.googlesource.com/platform/external/libexif/+/79b5fcdc0a58dd62094f09697fcc8033148c80df"],"spl":"2020-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-159625731.json"}},{"package":{"name":"platform/external/libexif","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2020-11-01"}]}],"versions":["8.1"],"ecosystem_specific":{"types":["RCE"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/external/libexif/+/4c18b0fabf48fe4460b679805b0442d76a78bde7","digest":{"length":17208,"function_hash":"263220040067256262802011496473458430110"},"deprecated":false,"target":{"file":"libexif/exif-entry.c","function":"exif_entry_get_value"},"signature_version":"v1","signature_type":"Function","id":"ASB-A-159625731-0f86e893"},{"source":"https://android.googlesource.com/platform/external/libexif/+/4c18b0fabf48fe4460b679805b0442d76a78bde7","digest":{"threshold":0.9,"line_hashes":["284322438145339945043720915456140922165","93281639976837326739273976352982873884","18325982235928269788913677721160134997","288125191916546280087425276079803197919","61811470730497895629839865950923936795","85008742746889107741124549964262222027","320703541205510993089784264294519513012","174698835426192614860996725383857514855"]},"deprecated":false,"target":{"file":"libexif/exif-entry.c"},"signature_version":"v1","signature_type":"Line","id":"ASB-A-159625731-610e5dce"}],"severity":"High","fixes":["https://android.googlesource.com/platform/external/libexif/+/4c18b0fabf48fe4460b679805b0442d76a78bde7"],"spl":"2020-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-159625731.json"}},{"package":{"name":"platform/external/libexif","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2020-11-01"}]}],"versions":["9"],"ecosystem_specific":{"types":["RCE"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/external/libexif/+/4c18b0fabf48fe4460b679805b0442d76a78bde7","digest":{"length":17208,"function_hash":"263220040067256262802011496473458430110"},"deprecated":false,"target":{"file":"libexif/exif-entry.c","function":"exif_entry_get_value"},"signature_version":"v1","signature_type":"Function","id":"ASB-A-159625731-83fc9f95"},{"source":"https://android.googlesource.com/platform/external/libexif/+/4c18b0fabf48fe4460b679805b0442d76a78bde7","digest":{"threshold":0.9,"line_hashes":["284322438145339945043720915456140922165","93281639976837326739273976352982873884","18325982235928269788913677721160134997","288125191916546280087425276079803197919","61811470730497895629839865950923936795","85008742746889107741124549964262222027","320703541205510993089784264294519513012","174698835426192614860996725383857514855"]},"deprecated":false,"target":{"file":"libexif/exif-entry.c"},"signature_version":"v1","signature_type":"Line","id":"ASB-A-159625731-ca9f79df"}],"severity":"High","fixes":["https://android.googlesource.com/platform/external/libexif/+/4c18b0fabf48fe4460b679805b0442d76a78bde7"],"spl":"2020-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-159625731.json"}},{"package":{"name":"platform/external/libexif","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2020-11-01"}]}],"versions":["10"],"ecosystem_specific":{"types":["RCE"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/external/libexif/+/4c18b0fabf48fe4460b679805b0442d76a78bde7","digest":{"length":17208,"function_hash":"263220040067256262802011496473458430110"},"deprecated":false,"target":{"file":"libexif/exif-entry.c","function":"exif_entry_get_value"},"signature_version":"v1","signature_type":"Function","id":"ASB-A-159625731-9c1db66a"},{"source":"https://android.googlesource.com/platform/external/libexif/+/4c18b0fabf48fe4460b679805b0442d76a78bde7","digest":{"threshold":0.9,"line_hashes":["284322438145339945043720915456140922165","93281639976837326739273976352982873884","18325982235928269788913677721160134997","288125191916546280087425276079803197919","61811470730497895629839865950923936795","85008742746889107741124549964262222027","320703541205510993089784264294519513012","174698835426192614860996725383857514855"]},"deprecated":false,"target":{"file":"libexif/exif-entry.c"},"signature_version":"v1","signature_type":"Line","id":"ASB-A-159625731-c0534477"}],"severity":"High","fixes":["https://android.googlesource.com/platform/external/libexif/+/4c18b0fabf48fe4460b679805b0442d76a78bde7"],"spl":"2020-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-159625731.json"}},{"package":{"name":"platform/external/libexif","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2020-11-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["RCE"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/external/libexif/+/4c18b0fabf48fe4460b679805b0442d76a78bde7","digest":{"length":17208,"function_hash":"263220040067256262802011496473458430110"},"deprecated":false,"target":{"file":"libexif/exif-entry.c","function":"exif_entry_get_value"},"signature_version":"v1","signature_type":"Function","id":"ASB-A-159625731-36a8ca9e"},{"source":"https://android.googlesource.com/platform/external/libexif/+/4c18b0fabf48fe4460b679805b0442d76a78bde7","digest":{"threshold":0.9,"line_hashes":["284322438145339945043720915456140922165","93281639976837326739273976352982873884","18325982235928269788913677721160134997","288125191916546280087425276079803197919","61811470730497895629839865950923936795","85008742746889107741124549964262222027","320703541205510993089784264294519513012","174698835426192614860996725383857514855"]},"deprecated":false,"target":{"file":"libexif/exif-entry.c"},"signature_version":"v1","signature_type":"Line","id":"ASB-A-159625731-ec8d54ab"}],"severity":"High","fixes":["https://android.googlesource.com/platform/external/libexif/+/4c18b0fabf48fe4460b679805b0442d76a78bde7"],"spl":"2020-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-159625731.json"}}],"schema_version":"1.7.5"}