CVE-2020-0182

Name of the Vulnerable Software and Affected Versions Android versions Android-10

Description The issue is related to a missing bounds check in the exif entry get value function of the exif-entry.c component, which can lead to an out of bounds read. This could result in local information disclosure without requiring additional execution privileges. User interaction is not necessary for exploitation. The vulnerability may allow a remote attacker to access confidential data and cause a denial of service.

Recommendations For Android version Android-10, consider applying a patch or fix that addresses the missing bounds check in the exif entry get value function to prevent out of bounds reads and potential information disclosure. As a temporary workaround, consider restricting access to EXIF file parsing functionality until a patch is available.