PT-2020-1250 · Google+9 · Android+9

Published: 2020-11-01 · Updated: 2025-09-11 · CVE-2020-0452

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Android versions 8.0 through 11
Description: The issue is a possible out-of-bounds write caused by an integer overflow in the exif_entry_get_value function of exif-entry.c. It could lead to remote code execution, with no additional execution privileges needed, if a third-party app uses this library to process remote image data. User interaction is not required for exploitation.
Recommendations: For Android versions 8.0 through 11, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Integer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2020:5393
ALT-PU-2021-1060
ALT-PU-2021-1095
ALT-PU-2023-4922
ASB-A-159625731
BDU:2021-03096
CESA-2020_5393
CESA-2020_5402
CVE-2020-0452
DLA-2439-1
DSA-4786-1
MGASA-2020-0426
OESA-2024-1078
OPENSUSE-SU-2024:10939-1
RHSA-2020:5393
RHSA-2020:5394
RHSA-2020:5395
RHSA-2020:5396
RHSA-2020:5402
RHSA-2020_5393
RHSA-2020_5402
RLSA-2020:5393
SUSE-SU-2022:1148-1
SUSE-SU-2022:1168-1
USN-4624-1

Affected Products

ALT Linux
AlmaLinux
Android
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu