PT-2020-11542 · Google+4 · Android+4

Published

2020-02-06

Updated

2023-08-16

CVE-2020-0181

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Android versions Android-10

Description The issue is related to an integer overflow in the exif data load data thumbnail function of exif-data.c, which could lead to a remote denial of service. No additional execution privileges are needed for exploitation, and user interaction is not required. This could potentially affect a significant number of devices, but the exact number is not specified.

Recommendations For Android version Android-10, consider applying the fix for the integer overflow in the exif data load data thumbnail function to prevent remote denial of service attacks. As a temporary workaround, restrict access to the exif-data.c module to minimize the risk of exploitation.

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2021-3168

ALT-PU-2023-1080

ALT-PU-2023-4922

CESA-2020_4766

CVE-2020-0181

DLA-2100-1

DSA-4618-1

OESA-2022-2006

OESA-2022-2008

RHSA-2020:4766

RHSA-2020_4766

SUSE-SU-2022:1148-1

SUSE-SU-2022:1168-1

SUSE-SU-2022_1148-1

SUSE-SU-2022_1168-1

Affected Products

Alt Linux

Android

Centos

Red Hat

Suse

PT-2020-11542 · Google+4 · Android+4

CVE-2020-0181

Weakness Enumeration

Related Identifiers

Affected Products

References · 34