{"id":"ASB-A-196085005","details":"An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.","aliases":["A-196085005","CVE-2020-13113"],"modified":"2026-04-03T15:37:31.002635Z","published":"2022-02-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-02-01"}],"affected":[{"package":{"name":"platform/external/libexif","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-02-01"}]}],"versions":["10"],"ecosystem_specific":{"vanir_signatures":[{"target":{"file":"libexif/olympus/exif-mnote-data-olympus.c"},"id":"ASB-A-196085005-45cb83fc","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["171665474353090061899021564791197257152","116301063513059510679027604740839939787","33983948157538593294138539723360334410","231840623465655071498280023479608178034"]},"source":"https://android.googlesource.com/platform/external/libexif/+/4ceb535b530fd8d0504c9df65c99045a71e12232","signature_type":"Line"},{"target":{"function":"exif_mnote_data_pentax_load","file":"libexif/pentax/exif-mnote-data-pentax.c"},"id":"ASB-A-196085005-500e6a39","signature_version":"v1","deprecated":false,"digest":{"function_hash":"183404549225358201605541302295976617143","length":3510},"source":"https://android.googlesource.com/platform/external/libexif/+/4ceb535b530fd8d0504c9df65c99045a71e12232","signature_type":"Function"},{"target":{"function":"exif_mnote_data_canon_load","file":"libexif/canon/exif-mnote-data-canon.c"},"id":"ASB-A-196085005-52cf7f82","signature_version":"v1","deprecated":false,"digest":{"function_hash":"230472758768611256226825674298003938134","length":2636},"source":"https://android.googlesource.com/platform/external/libexif/+/4ceb535b530fd8d0504c9df65c99045a71e12232","signature_type":"Function"},{"target":{"file":"libexif/fuji/exif-mnote-data-fuji.c"},"id":"ASB-A-196085005-5d4bce62","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["182556739721751607620424315492830018068","63090266439464873986942635232246469126","133352749772712821961584651055235107129","59814921405938895402439206079570764350"]},"source":"https://android.googlesource.com/platform/external/libexif/+/4ceb535b530fd8d0504c9df65c99045a71e12232","signature_type":"Line"},{"target":{"function":"exif_mnote_data_fuji_load","file":"libexif/fuji/exif-mnote-data-fuji.c"},"id":"ASB-A-196085005-66798d65","signature_version":"v1","deprecated":false,"digest":{"function_hash":"113168632477656210553710536030160313989","length":2820},"source":"https://android.googlesource.com/platform/external/libexif/+/4ceb535b530fd8d0504c9df65c99045a71e12232","signature_type":"Function"},{"target":{"function":"exif_mnote_data_olympus_load","file":"libexif/olympus/exif-mnote-data-olympus.c"},"id":"ASB-A-196085005-adb7db80","signature_version":"v1","deprecated":false,"digest":{"function_hash":"189747278139490779873991802493815478765","length":6441},"source":"https://android.googlesource.com/platform/external/libexif/+/4ceb535b530fd8d0504c9df65c99045a71e12232","signature_type":"Function"},{"target":{"file":"libexif/pentax/exif-mnote-data-pentax.c"},"id":"ASB-A-196085005-dd189b4f","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["182556739721751607620424315492830018068","63090266439464873986942635232246469126","133352749772712821961584651055235107129","87180012295696138925344357238405859904"]},"source":"https://android.googlesource.com/platform/external/libexif/+/4ceb535b530fd8d0504c9df65c99045a71e12232","signature_type":"Line"},{"target":{"file":"libexif/canon/exif-mnote-data-canon.c"},"id":"ASB-A-196085005-e339df47","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["182556739721751607620424315492830018068","63090266439464873986942635232246469126","225602874433340598213515522161546468010","215464518781960057437098919856189329355"]},"source":"https://android.googlesource.com/platform/external/libexif/+/4ceb535b530fd8d0504c9df65c99045a71e12232","signature_type":"Line"}],"fixes":["https://android.googlesource.com/platform/external/libexif/+/c9da78d8d9f302c767b366ef256e24fa32f8784f","https://android.googlesource.com/platform/external/libexif/+/4ceb535b530fd8d0504c9df65c99045a71e12232"],"severity":"High","spl":"2022-02-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-196085005.json"}},{"package":{"name":"platform/external/libexif","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-02-01"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"target":{"file":"libexif/canon/exif-mnote-data-canon.c"},"id":"ASB-A-196085005-130a0623","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["182556739721751607620424315492830018068","63090266439464873986942635232246469126","225602874433340598213515522161546468010","215464518781960057437098919856189329355"]},"source":"https://android.googlesource.com/platform/external/libexif/+/4ceb535b530fd8d0504c9df65c99045a71e12232","signature_type":"Line"},{"target":{"function":"exif_mnote_data_pentax_load","file":"libexif/pentax/exif-mnote-data-pentax.c"},"id":"ASB-A-196085005-20c7c86e","signature_version":"v1","deprecated":false,"digest":{"function_hash":"183404549225358201605541302295976617143","length":3510},"source":"https://android.googlesource.com/platform/external/libexif/+/4ceb535b530fd8d0504c9df65c99045a71e12232","signature_type":"Function"},{"target":{"function":"exif_mnote_data_fuji_load","file":"libexif/fuji/exif-mnote-data-fuji.c"},"id":"ASB-A-196085005-3144475c","signature_version":"v1","deprecated":false,"digest":{"function_hash":"113168632477656210553710536030160313989","length":2820},"source":"https://android.googlesource.com/platform/external/libexif/+/4ceb535b530fd8d0504c9df65c99045a71e12232","signature_type":"Function"},{"target":{"file":"libexif/fuji/exif-mnote-data-fuji.c"},"id":"ASB-A-196085005-6aaef996","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["182556739721751607620424315492830018068","63090266439464873986942635232246469126","133352749772712821961584651055235107129","59814921405938895402439206079570764350"]},"source":"https://android.googlesource.com/platform/external/libexif/+/4ceb535b530fd8d0504c9df65c99045a71e12232","signature_type":"Line"},{"target":{"file":"libexif/olympus/exif-mnote-data-olympus.c"},"id":"ASB-A-196085005-901b89c8","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["171665474353090061899021564791197257152","116301063513059510679027604740839939787","33983948157538593294138539723360334410","231840623465655071498280023479608178034"]},"source":"https://android.googlesource.com/platform/external/libexif/+/4ceb535b530fd8d0504c9df65c99045a71e12232","signature_type":"Line"},{"target":{"function":"exif_mnote_data_canon_load","file":"libexif/canon/exif-mnote-data-canon.c"},"id":"ASB-A-196085005-a972d32c","signature_version":"v1","deprecated":false,"digest":{"function_hash":"230472758768611256226825674298003938134","length":2636},"source":"https://android.googlesource.com/platform/external/libexif/+/4ceb535b530fd8d0504c9df65c99045a71e12232","signature_type":"Function"},{"target":{"function":"exif_mnote_data_olympus_load","file":"libexif/olympus/exif-mnote-data-olympus.c"},"id":"ASB-A-196085005-ad14afa8","signature_version":"v1","deprecated":false,"digest":{"function_hash":"189747278139490779873991802493815478765","length":6441},"source":"https://android.googlesource.com/platform/external/libexif/+/4ceb535b530fd8d0504c9df65c99045a71e12232","signature_type":"Function"},{"target":{"file":"libexif/pentax/exif-mnote-data-pentax.c"},"id":"ASB-A-196085005-c70dca5d","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["182556739721751607620424315492830018068","63090266439464873986942635232246469126","133352749772712821961584651055235107129","87180012295696138925344357238405859904"]},"source":"https://android.googlesource.com/platform/external/libexif/+/4ceb535b530fd8d0504c9df65c99045a71e12232","signature_type":"Line"}],"fixes":["https://android.googlesource.com/platform/external/libexif/+/c9da78d8d9f302c767b366ef256e24fa32f8784f","https://android.googlesource.com/platform/external/libexif/+/4ceb535b530fd8d0504c9df65c99045a71e12232"],"severity":"High","spl":"2022-02-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-196085005.json"}}],"schema_version":"1.7.5"}