Open mend-for-github-com[bot] opened 1 year ago
:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
Vulnerable Library - libexiflibexif-0_6_19-release
A library for parsing, editing, and saving EXIF data
Library home page: https://github.com/libexif/libexif.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Vulnerable Source Files (2)
/release/src/router/libexif/libexif/exif-data.c /release/src/router/libexif/libexif/exif-data.c
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2020-13112
### Vulnerable Libraries - libexiflibexif-0_6_19-release, libexiflibexif-0_6_19-release, libexiflibexif-0_6_19-release, libexiflibexif-0_6_19-release
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.
Publish Date: 2020-05-21
URL: CVE-2020-13112
### CVSS 3 Score Details (9.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: High

### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13112
Release Date: 2020-07-27
Fix Resolution: 0.6.22
CVE-2019-9278
### Vulnerable Library - libexiflibexif-0_6_19-release
A library for parsing, editing, and saving EXIF data
Library home page: https://github.com/libexif/libexif.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master

### Vulnerable Source Files (2)
- /release/src/router/libexif/libexif/exif-data.c
- /release/src/router/libexif/libexif/exif-data.c

### Vulnerability Details
In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112537774
Publish Date: 2019-09-27
URL: CVE-2019-9278
### CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2019-9278
Release Date: 2020-08-24
Fix Resolution: libexif-debuginfo - 0.6.22-4,0.6.22-1,0.6.22-4,0.6.22-1;libexif-doc - 0.6.22-1,0.6.22-1,0.6.22-1;libexif-devel - 0.6.22-1,0.6.22-1,0.6.22-1,0.6.22-1,0.6.22-1;libexif-debugsource - 0.6.22-4,0.6.22-4;libexif - 0.6.22-4,0.6.22-1,0.6.22-1,0.6.22-1,0.6.22-4,0.6.22-1,0.6.22-4,0.6.22-1,0.6.22-4,0.6.22-1,0.6.22-4,0.6.22-4
CVE-2020-13113
### Vulnerable Libraries - libexiflibexif-0_6_19-release, libexiflibexif-0_6_19-release, libexiflibexif-0_6_19-release, libexiflibexif-0_6_19-release
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.
Publish Date: 2020-05-21
URL: CVE-2020-13113
### CVSS 3 Score Details (8.2)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: None
  - Availability Impact: High

### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113
Release Date: 2020-05-21
Fix Resolution: 0.6.22
CVE-2016-6328
### Vulnerable Library - libexiflibexif-0_6_19-release
A library for parsing, editing, and saving EXIF data
Library home page: https://github.com/libexif/libexif.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master

### Vulnerable Source Files (2)
- /release/src/router/libexif/libexif/pentax/mnote-pentax-entry.c
- /release/src/router/libexif/libexif/pentax/mnote-pentax-entry.c

### Vulnerability Details
A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).
Publish Date: 2018-10-31
URL: CVE-2016-6328
### CVSS 3 Score Details (8.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: High

### Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6328
Release Date: 2018-10-31
Fix Resolution: libexif-0_6_22-release
CVE-2018-20030
### Vulnerable Library - libexiflibexif-0_6_19-release
A library for parsing, editing, and saving EXIF data
Library home page: https://github.com/libexif/libexif.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master

### Vulnerable Source Files (2)
- /release/src/router/libexif/libexif/exif-data.c
- /release/src/router/libexif/libexif/exif-data.c

### Vulnerability Details
An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.
Publish Date: 2019-02-20
URL: CVE-2018-20030
### CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030
Release Date: 2019-02-20
Fix Resolution: libexif-0_6_21-release
CVE-2020-13114
### Vulnerable Library - libexiflibexif-0_6_19-release
A library for parsing, editing, and saving EXIF data
Library home page: https://github.com/libexif/libexif.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master

### Vulnerable Source Files (2)
- /release/src/router/libexif/libexif/canon/exif-mnote-data-canon.c
- /release/src/router/libexif/libexif/canon/exif-mnote-data-canon.c

### Vulnerability Details
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.
Publish Date: 2020-05-21
URL: CVE-2020-13114
### CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13114
Release Date: 2020-05-21
Fix Resolution: 0.6.22
CVE-2012-2840
### Vulnerable Library - libexiflibexif-0_6_19-release
A library for parsing, editing, and saving EXIF data
Library home page: https://github.com/libexif/libexif.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master

### Vulnerable Source Files (3)
- /release/src/router/libexif/libexif/exif-utils.c
- /release/src/router/libexif/libexif/exif-utils.c
- /release/src/router/libexif/libexif/exif-utils.c

### Vulnerability Details
Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.
Publish Date: 2012-07-13
URL: CVE-2012-2840
### CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low

### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840
Release Date: 2012-07-13
Fix Resolution: 0.6.21
CVE-2012-2841
### Vulnerable Library - libexiflibexif-0_6_19-release
A library for parsing, editing, and saving EXIF data
Library home page: https://github.com/libexif/libexif.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master

### Vulnerable Source Files (2)
- /release/src/router/libexif/libexif/exif-entry.c
- /release/src/router/libexif/libexif/exif-entry.c

### Vulnerability Details
Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.
Publish Date: 2012-07-13
URL: CVE-2012-2841
### CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low

### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841
Release Date: 2012-07-13
Fix Resolution: 0.6.21
CVE-2012-2814
### Vulnerable Library - libexiflibexif-0_6_19-release
A library for parsing, editing, and saving EXIF data
Library home page: https://github.com/libexif/libexif.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master

### Vulnerable Source Files (2)
- /release/src/router/libexif/libexif/exif-entry.c
- /release/src/router/libexif/libexif/exif-entry.c

### Vulnerability Details
Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.
Publish Date: 2012-07-13
URL: CVE-2012-2814
### CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low

### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814
Release Date: 2012-07-13
Fix Resolution: 0.6.21
CVE-2012-2812
### Vulnerable Library - libexiflibexif-0_6_19-release
A library for parsing, editing, and saving EXIF data
Library home page: https://github.com/libexif/libexif.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master

### Vulnerable Source Files (2)
- /release/src/router/libexif/libexif/exif-entry.c
- /release/src/router/libexif/libexif/exif-entry.c

### Vulnerability Details
The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
Publish Date: 2012-07-13
URL: CVE-2012-2812
### CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: None
  - Availability Impact: Low

### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812
Release Date: 2012-07-13
Fix Resolution: 0.6.21
CVE-2012-2813
### Vulnerable Library - libexiflibexif-0_6_19-release
A library for parsing, editing, and saving EXIF data
Library home page: https://github.com/libexif/libexif.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master

### Vulnerable Source Files (2)
- /release/src/router/libexif/libexif/exif-entry.c
- /release/src/router/libexif/libexif/exif-entry.c

### Vulnerability Details
The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
Publish Date: 2012-07-13
URL: CVE-2012-2813
### CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: None
  - Availability Impact: Low

### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813
Release Date: 2012-07-13
Fix Resolution: 0.6.21
CVE-2012-2836
### Vulnerable Library - libexiflibexif-0_6_19-release
A library for parsing, editing, and saving EXIF data
Library home page: https://github.com/libexif/libexif.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master

### Vulnerable Source Files (2)
- /release/src/router/libexif/libexif/exif-entry.c
- /release/src/router/libexif/libexif/exif-entry.c

### Vulnerability Details
The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image.
Publish Date: 2012-07-13
URL: CVE-2012-2836
### CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: None
  - Availability Impact: Low

### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836
Release Date: 2012-07-13
Fix Resolution: 0.6.21
CVE-2020-0182
### Vulnerable Library - libexiflibexif-0_6_19-release
A library for parsing, editing, and saving EXIF data
Library home page: https://github.com/libexif/libexif.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master

### Vulnerable Source Files (2)
- /release/src/router/libexif/libexif/exif-entry.c
- /release/src/router/libexif/libexif/exif-entry.c

### Vulnerability Details
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-147140917. Mend Note: Converted from WS-2019-0547, on 2022-11-07.
Publish Date: 2020-06-11
URL: CVE-2020-0182
### CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: None
  - Availability Impact: Low

### Suggested Fix
Type: Upgrade version
Origin: https://osv.dev/vulnerability/OSV-2020-1274
Release Date: 2020-07-06
Fix Resolution: libexif-0_6_22-release
CVE-2020-12767
### Vulnerable Library - libexiflibexif-0_6_19-release
A library for parsing, editing, and saving EXIF data
Library home page: https://github.com/libexif/libexif.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master

### Vulnerable Source Files (2)
- /release/src/router/libexif/libexif/exif-entry.c
- /release/src/router/libexif/libexif/exif-entry.c

### Vulnerability Details
exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.
Publish Date: 2020-05-09
URL: CVE-2020-12767
### CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-12767
Release Date: 2020-07-27
Fix Resolution: libexif-debuginfo - 0.6.22-4,0.6.22-1,0.6.22-4,0.6.22-1;libexif-doc - 0.6.22-1,0.6.22-1,0.6.22-1;libexif-devel - 0.6.22-1,0.6.22-1,0.6.22-1,0.6.22-1,0.6.22-1;libexif-debugsource - 0.6.22-4,0.6.22-4;libexif - 0.6.22-4,0.6.22-1,0.6.22-1,0.6.22-1,0.6.22-4,0.6.22-1,0.6.22-4,0.6.22-1,0.6.22-4,0.6.22-1,0.6.22-4,0.6.22-4
CVE-2012-2837
### Vulnerable Library - libexiflibexif-0_6_19-release
A library for parsing, editing, and saving EXIF data
Library home page: https://github.com/libexif/libexif.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master

### Vulnerable Source Files (2)
- /release/src/router/libexif/libexif/olympus/mnote-olympus-entry.c
- /release/src/router/libexif/libexif/olympus/mnote-olympus-entry.c

### Vulnerability Details
The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags.
Publish Date: 2012-07-13
URL: CVE-2012-2837
### CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: Low

### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837
Release Date: 2012-07-13
Fix Resolution: 0.6.21
CVE-2020-0093
### Vulnerable Library - libexiflibexif-0_6_19-release
A library for parsing, editing, and saving EXIF data
Library home page: https://github.com/libexif/libexif.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master

### Vulnerable Source Files (2)
- /release/src/router/libexif/libexif/exif-data.c
- /release/src/router/libexif/libexif/exif-data.c

### Vulnerability Details
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-148705132
Publish Date: 2020-05-14
URL: CVE-2020-0093
### CVSS 3 Score Details (5.0)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None

### Suggested Fix
Type: Upgrade version
Release Date: 2020-07-27
Fix Resolution: libexif-0_6_22-release