In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Product: Android
Versions: Android-8.0 Android-8.1 Android-9 Android-10
Android ID: A-148705132

The product reads data past the end, or before the beginning, of the intended buffer.
https://cwe.mitre.org/data/definitions/125.html

The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.
https://cwe.mitre.org/data/definitions/805.html

Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.
https://capec.mitre.org/data/definitions/100.html

An attacker sends a SOAP request with an array whose actual length exceeds the length indicated in the request. If the server processing the transmission naively trusts the specified size, then an attacker can intentionally understate the size of the array, possibly resulting in a buffer overflow if the server attempts to read the entire data set into the memory it allocated for a smaller array.
https://capec.mitre.org/data/definitions/256.html

An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
https://capec.mitre.org/data/definitions/540.html

| Product | Vendor | Status |
|---|---|---|
| libexif | Tracked | |