{"id":"ASB-A-162602132","details":"In mnote_pentax_entry_get_value of mnote-pentax-entry.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-162602132","CVE-2016-6328"],"modified":"2026-03-11T05:55:55.986228Z","published":"2021-01-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-01-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c"}],"affected":[{"package":{"name":"platform/external/libexif","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.0:0"},{"fixed":"8.0:2021-01-01"}]}],"versions":["8.0"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c","target":{"file":"libexif/pentax/mnote-pentax-entry.c"},"digest":{"threshold":0.9,"line_hashes":["175146752836763685198622688674874678005","124515746665859951039052757801996161937","242091409878844891826406494947120978630","332980423940081593133496076834367599114","147151961774177677147307403192757190746","107102314077479670502440547082948736745","299838149444107731085690623239299079061","97608187683932755821905740725855936683","251065701080778825318184657676772403215","160497430726689769436068467344103967458","151944488118324381420298966296707490222","63036128348707188642445148568239797699","91530260563412488639123315353058175586","124515746665859951039052757801996161937","109658686874682054444219770144142193259","54829267476730749594108310317601883343","104841365962673223275803932660853236840","271367678765346262758687057528012221562","312534407531948240350447043101551225186","1804124221827002298327430074211046193","64511922163632315931762397240604236798","45934783660383152751790118201899587804","293343631378824165777765967414552575016"]},"signature_type":"Line","id":"ASB-A-162602132-9677eb7e","deprecated":false},{"signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c","target":{"file":"libexif/pentax/mnote-pentax-entry.c","function":"mnote_pentax_entry_get_value"},"digest":{"length":5072,"function_hash":"192389887455940997054824939208430642402"},"signature_type":"Function","id":"ASB-A-162602132-b9b445d7","deprecated":false}],"severity":"High","spl":"2021-01-01","fixes":["https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c"],"types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-162602132.json"}},{"package":{"name":"platform/external/libexif","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2021-01-01"}]}],"versions":["8.1"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c","target":{"file":"libexif/pentax/mnote-pentax-entry.c"},"digest":{"threshold":0.9,"line_hashes":["175146752836763685198622688674874678005","124515746665859951039052757801996161937","242091409878844891826406494947120978630","332980423940081593133496076834367599114","147151961774177677147307403192757190746","107102314077479670502440547082948736745","299838149444107731085690623239299079061","97608187683932755821905740725855936683","251065701080778825318184657676772403215","160497430726689769436068467344103967458","151944488118324381420298966296707490222","63036128348707188642445148568239797699","91530260563412488639123315353058175586","124515746665859951039052757801996161937","109658686874682054444219770144142193259","54829267476730749594108310317601883343","104841365962673223275803932660853236840","271367678765346262758687057528012221562","312534407531948240350447043101551225186","1804124221827002298327430074211046193","64511922163632315931762397240604236798","45934783660383152751790118201899587804","293343631378824165777765967414552575016"]},"signature_type":"Line","id":"ASB-A-162602132-3d730fdd","deprecated":false},{"signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c","target":{"file":"libexif/pentax/mnote-pentax-entry.c","function":"mnote_pentax_entry_get_value"},"digest":{"length":5072,"function_hash":"192389887455940997054824939208430642402"},"signature_type":"Function","id":"ASB-A-162602132-eb1ad7b5","deprecated":false}],"severity":"High","spl":"2021-01-01","fixes":["https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c"],"types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-162602132.json"}},{"package":{"name":"platform/external/libexif","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2021-01-01"}]}],"versions":["9"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c","target":{"file":"libexif/pentax/mnote-pentax-entry.c"},"digest":{"threshold":0.9,"line_hashes":["175146752836763685198622688674874678005","124515746665859951039052757801996161937","242091409878844891826406494947120978630","332980423940081593133496076834367599114","147151961774177677147307403192757190746","107102314077479670502440547082948736745","299838149444107731085690623239299079061","97608187683932755821905740725855936683","251065701080778825318184657676772403215","160497430726689769436068467344103967458","151944488118324381420298966296707490222","63036128348707188642445148568239797699","91530260563412488639123315353058175586","124515746665859951039052757801996161937","109658686874682054444219770144142193259","54829267476730749594108310317601883343","104841365962673223275803932660853236840","271367678765346262758687057528012221562","312534407531948240350447043101551225186","1804124221827002298327430074211046193","64511922163632315931762397240604236798","45934783660383152751790118201899587804","293343631378824165777765967414552575016"]},"signature_type":"Line","id":"ASB-A-162602132-02863832","deprecated":false},{"signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c","target":{"file":"libexif/pentax/mnote-pentax-entry.c","function":"mnote_pentax_entry_get_value"},"digest":{"length":5072,"function_hash":"192389887455940997054824939208430642402"},"signature_type":"Function","id":"ASB-A-162602132-29a4aea1","deprecated":false}],"severity":"High","spl":"2021-01-01","fixes":["https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c"],"types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-162602132.json"}},{"package":{"name":"platform/external/libexif","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2021-01-01"}]}],"versions":["10"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c","target":{"file":"libexif/pentax/mnote-pentax-entry.c","function":"mnote_pentax_entry_get_value"},"digest":{"length":5072,"function_hash":"192389887455940997054824939208430642402"},"signature_type":"Function","id":"ASB-A-162602132-4ae04b29","deprecated":false},{"signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c","target":{"file":"libexif/pentax/mnote-pentax-entry.c"},"digest":{"threshold":0.9,"line_hashes":["175146752836763685198622688674874678005","124515746665859951039052757801996161937","242091409878844891826406494947120978630","332980423940081593133496076834367599114","147151961774177677147307403192757190746","107102314077479670502440547082948736745","299838149444107731085690623239299079061","97608187683932755821905740725855936683","251065701080778825318184657676772403215","160497430726689769436068467344103967458","151944488118324381420298966296707490222","63036128348707188642445148568239797699","91530260563412488639123315353058175586","124515746665859951039052757801996161937","109658686874682054444219770144142193259","54829267476730749594108310317601883343","104841365962673223275803932660853236840","271367678765346262758687057528012221562","312534407531948240350447043101551225186","1804124221827002298327430074211046193","64511922163632315931762397240604236798","45934783660383152751790118201899587804","293343631378824165777765967414552575016"]},"signature_type":"Line","id":"ASB-A-162602132-6b33ba7f","deprecated":false}],"severity":"High","spl":"2021-01-01","fixes":["https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c"],"types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-162602132.json"}},{"package":{"name":"platform/external/libexif","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2021-01-01"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c","target":{"file":"libexif/pentax/mnote-pentax-entry.c"},"digest":{"threshold":0.9,"line_hashes":["175146752836763685198622688674874678005","124515746665859951039052757801996161937","242091409878844891826406494947120978630","332980423940081593133496076834367599114","147151961774177677147307403192757190746","107102314077479670502440547082948736745","299838149444107731085690623239299079061","97608187683932755821905740725855936683","251065701080778825318184657676772403215","160497430726689769436068467344103967458","151944488118324381420298966296707490222","63036128348707188642445148568239797699","91530260563412488639123315353058175586","124515746665859951039052757801996161937","109658686874682054444219770144142193259","54829267476730749594108310317601883343","104841365962673223275803932660853236840","271367678765346262758687057528012221562","312534407531948240350447043101551225186","1804124221827002298327430074211046193","64511922163632315931762397240604236798","45934783660383152751790118201899587804","293343631378824165777765967414552575016"]},"signature_type":"Line","id":"ASB-A-162602132-ccc6a39c","deprecated":false},{"signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c","target":{"file":"libexif/pentax/mnote-pentax-entry.c","function":"mnote_pentax_entry_get_value"},"digest":{"length":5072,"function_hash":"192389887455940997054824939208430642402"},"signature_type":"Function","id":"ASB-A-162602132-d28c138d","deprecated":false}],"severity":"High","spl":"2021-01-01","fixes":["https://android.googlesource.com/platform/external/libexif/+/8b37da24f362ac660917ae5415e1e4063724093c"],"types":["RCE"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-162602132.json"}}],"schema_version":"1.7.5"}