{"id":"ASB-A-162602132","details":"In mnote_pentax_entry_get_value of mnote-pentax-entry.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-162602132","CVE-2016-6328"],"modified":"2026-05-18T15:08:09.253695Z","published":"2021-01-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-01-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c"}],"affected":[{"package":{"name":"platform/external/libexif","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.0:0"},{"fixed":"8.0:2021-01-01"}]}],"versions":["8.0"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","target":{"file":"libexif/pentax/mnote-pentax-entry.c"},"id":"ASB-A-162602132-9677eb7e","digest":{"threshold":0.9,"line_hashes":["175146752836763685198622688674874678005","124515746665859951039052757801996161937","242091409878844891826406494947120978630","332980423940081593133496076834367599114","147151961774177677147307403192757190746","107102314077479670502440547082948736745","299838149444107731085690623239299079061","97608187683932755821905740725855936683","251065701080778825318184657676772403215","160497430726689769436068467344103967458","151944488118324381420298966296707490222","63036128348707188642445148568239797699","91530260563412488639123315353058175586","124515746665859951039052757801996161937","109658686874682054444219770144142193259","54829267476730749594108310317601883343","104841365962673223275803932660853236840","271367678765346262758687057528012221562","312534407531948240350447043101551225186","1804124221827002298327430074211046193","64511922163632315931762397240604236798","45934783660383152751790118201899587804","293343631378824165777765967414552575016"]},"deprecated":false,"source":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c","signature_type":"Line"},{"signature_version":"v1","target":{"file":"libexif/pentax/mnote-pentax-entry.c","function":"mnote_pentax_entry_get_value"},"id":"ASB-A-162602132-b9b445d7","digest":{"length":5072,"function_hash":"192389887455940997054824939208430642402"},"deprecated":false,"source":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c","signature_type":"Function"}],"fixes":["https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c"],"severity":"High","spl":"2021-01-01","types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-162602132.json"}},{"package":{"name":"platform/external/libexif","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2021-01-01"}]}],"versions":["8.1"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","target":{"file":"libexif/pentax/mnote-pentax-entry.c"},"id":"ASB-A-162602132-3d730fdd","digest":{"threshold":0.9,"line_hashes":["175146752836763685198622688674874678005","124515746665859951039052757801996161937","242091409878844891826406494947120978630","332980423940081593133496076834367599114","147151961774177677147307403192757190746","107102314077479670502440547082948736745","299838149444107731085690623239299079061","97608187683932755821905740725855936683","251065701080778825318184657676772403215","160497430726689769436068467344103967458","151944488118324381420298966296707490222","63036128348707188642445148568239797699","91530260563412488639123315353058175586","124515746665859951039052757801996161937","109658686874682054444219770144142193259","54829267476730749594108310317601883343","104841365962673223275803932660853236840","271367678765346262758687057528012221562","312534407531948240350447043101551225186","1804124221827002298327430074211046193","64511922163632315931762397240604236798","45934783660383152751790118201899587804","293343631378824165777765967414552575016"]},"deprecated":false,"source":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c","signature_type":"Line"},{"signature_version":"v1","target":{"file":"libexif/pentax/mnote-pentax-entry.c","function":"mnote_pentax_entry_get_value"},"id":"ASB-A-162602132-eb1ad7b5","digest":{"length":5072,"function_hash":"192389887455940997054824939208430642402"},"deprecated":false,"source":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c","signature_type":"Function"}],"fixes":["https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c"],"severity":"High","spl":"2021-01-01","types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-162602132.json"}},{"package":{"name":"platform/external/libexif","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2021-01-01"}]}],"versions":["9"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","target":{"file":"libexif/pentax/mnote-pentax-entry.c"},"id":"ASB-A-162602132-02863832","digest":{"threshold":0.9,"line_hashes":["175146752836763685198622688674874678005","124515746665859951039052757801996161937","242091409878844891826406494947120978630","332980423940081593133496076834367599114","147151961774177677147307403192757190746","107102314077479670502440547082948736745","299838149444107731085690623239299079061","97608187683932755821905740725855936683","251065701080778825318184657676772403215","160497430726689769436068467344103967458","151944488118324381420298966296707490222","63036128348707188642445148568239797699","91530260563412488639123315353058175586","124515746665859951039052757801996161937","109658686874682054444219770144142193259","54829267476730749594108310317601883343","104841365962673223275803932660853236840","271367678765346262758687057528012221562","312534407531948240350447043101551225186","1804124221827002298327430074211046193","64511922163632315931762397240604236798","45934783660383152751790118201899587804","293343631378824165777765967414552575016"]},"deprecated":false,"source":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c","signature_type":"Line"},{"signature_version":"v1","target":{"file":"libexif/pentax/mnote-pentax-entry.c","function":"mnote_pentax_entry_get_value"},"id":"ASB-A-162602132-29a4aea1","digest":{"length":5072,"function_hash":"192389887455940997054824939208430642402"},"deprecated":false,"source":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c","signature_type":"Function"}],"fixes":["https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c"],"severity":"High","spl":"2021-01-01","types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-162602132.json"}},{"package":{"name":"platform/external/libexif","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2021-01-01"}]}],"versions":["10"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","target":{"file":"libexif/pentax/mnote-pentax-entry.c","function":"mnote_pentax_entry_get_value"},"id":"ASB-A-162602132-4ae04b29","digest":{"length":5072,"function_hash":"192389887455940997054824939208430642402"},"deprecated":false,"source":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c","signature_type":"Function"},{"signature_version":"v1","target":{"file":"libexif/pentax/mnote-pentax-entry.c"},"id":"ASB-A-162602132-6b33ba7f","digest":{"threshold":0.9,"line_hashes":["175146752836763685198622688674874678005","124515746665859951039052757801996161937","242091409878844891826406494947120978630","332980423940081593133496076834367599114","147151961774177677147307403192757190746","107102314077479670502440547082948736745","299838149444107731085690623239299079061","97608187683932755821905740725855936683","251065701080778825318184657676772403215","160497430726689769436068467344103967458","151944488118324381420298966296707490222","63036128348707188642445148568239797699","91530260563412488639123315353058175586","124515746665859951039052757801996161937","109658686874682054444219770144142193259","54829267476730749594108310317601883343","104841365962673223275803932660853236840","271367678765346262758687057528012221562","312534407531948240350447043101551225186","1804124221827002298327430074211046193","64511922163632315931762397240604236798","45934783660383152751790118201899587804","293343631378824165777765967414552575016"]},"deprecated":false,"source":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c","signature_type":"Line"}],"fixes":["https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c"],"severity":"High","spl":"2021-01-01","types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-162602132.json"}},{"package":{"name":"platform/external/libexif","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2021-01-01"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","target":{"file":"libexif/pentax/mnote-pentax-entry.c"},"id":"ASB-A-162602132-ccc6a39c","digest":{"threshold":0.9,"line_hashes":["175146752836763685198622688674874678005","124515746665859951039052757801996161937","242091409878844891826406494947120978630","332980423940081593133496076834367599114","147151961774177677147307403192757190746","107102314077479670502440547082948736745","299838149444107731085690623239299079061","97608187683932755821905740725855936683","251065701080778825318184657676772403215","160497430726689769436068467344103967458","151944488118324381420298966296707490222","63036128348707188642445148568239797699","91530260563412488639123315353058175586","124515746665859951039052757801996161937","109658686874682054444219770144142193259","54829267476730749594108310317601883343","104841365962673223275803932660853236840","271367678765346262758687057528012221562","312534407531948240350447043101551225186","1804124221827002298327430074211046193","64511922163632315931762397240604236798","45934783660383152751790118201899587804","293343631378824165777765967414552575016"]},"deprecated":false,"source":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c","signature_type":"Line"},{"signature_version":"v1","target":{"file":"libexif/pentax/mnote-pentax-entry.c","function":"mnote_pentax_entry_get_value"},"id":"ASB-A-162602132-d28c138d","digest":{"length":5072,"function_hash":"192389887455940997054824939208430642402"},"deprecated":false,"source":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c","signature_type":"Function"}],"fixes":["https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c"],"severity":"High","spl":"2021-01-01","types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-162602132.json"}}],"schema_version":"1.7.5"}