CVE-2020-0452

一、漏洞信息
 漏洞编号：[CVE-2020-0452](https://nvd.nist.gov/vuln/detail/CVE-2020-0452)
 漏洞归属组件：[libexif](https://gitee.com/src-openeuler/libexif)
 漏洞归属的版本：0.6.22
 CVSS V3.0分值：
  BaseScore：9.8 Critical
  Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 漏洞简述：
  In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731
 漏洞公开时间：2020-11-10 21:15
 漏洞创建时间：2024-01-12 16:02:37
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2020-0452
<details>
<summary>更多参考(点击展开)</summary>

无
</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  其它
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

无
</details>

二、漏洞分析结构反馈
 影响性分析说明：
    In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731 
 openEuler评分：
  9.8
 Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.03-LTS-SP1(0.6.21):受影响
2.openEuler-20.03-LTS-SP4:受影响
3.openEuler-22.03-LTS(0.6.22):受影响
4.openEuler-22.03-LTS-Next(0.6.22):受影响
5.openEuler-22.03-LTS-SP1(0.6.22):受影响
6.openEuler-22.03-LTS-SP2(0.6.22):受影响
7.openEuler-22.03-LTS-SP3:受影响
8.master(0.6.22):不受影响

修复是否涉及abi变化(是/否)：
  1.master(0.6.22):否
2.openEuler-20.03-LTS-SP1(0.6.21):否
3.openEuler-20.03-LTS-SP4:否
4.openEuler-22.03-LTS(0.6.22):否
5.openEuler-22.03-LTS-Next(0.6.22):否
6.openEuler-22.03-LTS-SP1(0.6.22):否
7.openEuler-22.03-LTS-SP2(0.6.22):否
8.openEuler-22.03-LTS-SP3:否

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2024-1078

src-openEuler/libexif
关闭

内容风险标识

评论 (23)

src-openEuler/libexif关闭 .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2020-0452

评论 (23)

搜索帮助

src-openEuler/libexif
关闭