{"id":"ASB-A-194342672","details":"In exif_entry_get_value  of  exif-entry.c, there is a possible out of bounds write  due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-194342672","CVE-2020-13112"],"modified":"2026-03-11T06:13:17.791410Z","published":"2022-02-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-02-01"}],"affected":[{"package":{"name":"platform/external/libexif","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-02-01"}]}],"versions":["10"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/libexif/+/c9da78d8d9f302c767b366ef256e24fa32f8784f","https://android.googlesource.com/platform/external/libexif/+/fd5f7bab830858e57a2baf9d4dd47e5820337b56"],"spl":"2022-02-01","vanir_signatures":[{"id":"ASB-A-194342672-20bd46a2","digest":{"length":6116,"function_hash":"208402699961437767102961146573691940995"},"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/fd5f7bab830858e57a2baf9d4dd47e5820337b56","target":{"file":"libexif/olympus/exif-mnote-data-olympus.c","function":"exif_mnote_data_olympus_load"},"deprecated":false},{"id":"ASB-A-194342672-2109340c","digest":{"line_hashes":["67992316777328202553980430044272331270","232550279310151884703013089340447102658","262436377453016637111844930069636124266","330076833017829254660096767153562663059","228662460307024714608934979598524022781","233676342583969049750620450728947013967","160686445356664800807236764665764019330","154921360113025583163959014935285786330","229994903253438464991697503678377727877","275315361253278129193099917602521068866","304848201401731473370420849461607645697","69681233052220359974246983910946828230","329721097948751380813217950720224206016","249747458773296643272793894562528613180","16243798146026572846220843309356160713","164072094161247012763677138634413304489","105483538392136473165128370458666347432","309934484426480763336454860572763384368","183082392600355293043774931062045147506"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/fd5f7bab830858e57a2baf9d4dd47e5820337b56","target":{"file":"libexif/pentax/exif-mnote-data-pentax.c"},"deprecated":false},{"id":"ASB-A-194342672-49bf7d3c","digest":{"line_hashes":["91768807785251968606655776771787404175","34128777807662979432063334523332355086","122684923369204591401773385474411219437","306501088345474863721586112929833381110","138851954609533570359062211287425004272","1936258232986127287851615607716904335","53254384811274092521536811663461829923","247226864292509684740302401359787767559","287947585148421249845200903856289510669","104253677331884237553937680473303634630","131253004424668098972405393941221762040","332928245879175964489794819146672288298","154921360113025583163959014935285786330","229994903253438464991697503678377727877","106720485668533517217715668095921258485","131450083276499232150020930332149982750","163570383433052667235952779228527056161","44006543196768161952519086084373760910","15994231627680740085484671932692890255","197911634203420330037577726332330554142","194890962513460607422706959778358943056","313155748930828196394430449175341864996","155133720598942189245718972478170672303","222809935566415879642717990068393848638"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/fd5f7bab830858e57a2baf9d4dd47e5820337b56","target":{"file":"libexif/fuji/exif-mnote-data-fuji.c"},"deprecated":false},{"id":"ASB-A-194342672-65fa0c4b","digest":{"line_hashes":["183661055639346139562865211106879471593","102180397425500091626994875092804653997","306305871760784389225367867808059433294","303255437467966467341393093297170437848","100948656951186216070801422017812816676","73432668262711205432098364026531541312","267961534160633078526824789703397165948","154921360113025583163959014935285786330","103248917384609285893761502457655296973","22227807076449600468076546494790266074","193000294359280234636191826172030860032","176117644035555751522229401211926605647","263132597833869344788571920226587275969","42658674550384883182946853197281633468","33198140988457916349558889987929538988","112671455866612657294225999046785040953","75308504808077224835780035377193872907","196607724232554454389644985523791773223"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/fd5f7bab830858e57a2baf9d4dd47e5820337b56","target":{"file":"libexif/canon/exif-mnote-data-canon.c"},"deprecated":false},{"id":"ASB-A-194342672-7fb72153","digest":{"length":3246,"function_hash":"313756787892045291838585509807872701394"},"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/fd5f7bab830858e57a2baf9d4dd47e5820337b56","target":{"file":"libexif/pentax/exif-mnote-data-pentax.c","function":"exif_mnote_data_pentax_load"},"deprecated":false},{"id":"ASB-A-194342672-82fcafab","digest":{"length":2374,"function_hash":"327868807100784019661132185299592104085"},"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/fd5f7bab830858e57a2baf9d4dd47e5820337b56","target":{"file":"libexif/canon/exif-mnote-data-canon.c","function":"exif_mnote_data_canon_load"},"deprecated":false},{"id":"ASB-A-194342672-89e34450","digest":{"line_hashes":["258535496758549796525577034021958697522","59736004700112239815348148878440973207","156015236527021583219511368386532566842","208925529009590714242737344820623926710","48666843725151391636436753403927499968","240018877582134170072901602787940449497","213651751248844444609361278218619392192","152302461492781522310162171822127815345","62182544705571316333036728162786637476","242390438284685401923947976273825853729","284553104731774990022674155994110483697","23214577493705472685592134892419422943","217382026755880070287099181453515892637","232535131140631515703129315698992429648","326481239605051460902876578302081753576","338367017957438403399591092303558428499","21616384379039474647905404541779968469","240983110241008204587683960473455952697","300382965223174925975307352434426334743","188422837286098323284111960324460508945","144254756210762447390137419065902126524","43833660071409727621081211170277356266","129968889050604978613839631187151974605","116747509092517018688199909938715976133","288949564732672714059697529825343483626","314788910212899863640686260426888679038","157532589449493052524821219631199914886","45393122599490990728121242797044305316","39540614766808889591457708870210383263","21089699327839949456483140375456845158","301458848095656617000108631530238790419","323453559867362649834545384425527187279","75772798565266786018311198559361232120","186253402370051844648021984182755247832","87775394838865803204933070860362431916"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/fd5f7bab830858e57a2baf9d4dd47e5820337b56","target":{"file":"libexif/olympus/exif-mnote-data-olympus.c"},"deprecated":false},{"id":"ASB-A-194342672-8a7af194","digest":{"length":2590,"function_hash":"252294463346496877372292661889805869063"},"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/fd5f7bab830858e57a2baf9d4dd47e5820337b56","target":{"file":"libexif/fuji/exif-mnote-data-fuji.c","function":"exif_mnote_data_fuji_load"},"deprecated":false}],"types":["EoP"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-194342672.json"}},{"package":{"name":"platform/external/libexif","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-02-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/libexif/+/c9da78d8d9f302c767b366ef256e24fa32f8784f","https://android.googlesource.com/platform/external/libexif/+/fd5f7bab830858e57a2baf9d4dd47e5820337b56"],"spl":"2022-02-01","vanir_signatures":[{"id":"ASB-A-194342672-1cdedd0f","digest":{"length":3246,"function_hash":"313756787892045291838585509807872701394"},"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/fd5f7bab830858e57a2baf9d4dd47e5820337b56","target":{"file":"libexif/pentax/exif-mnote-data-pentax.c","function":"exif_mnote_data_pentax_load"},"deprecated":false},{"id":"ASB-A-194342672-2393334a","digest":{"length":6116,"function_hash":"208402699961437767102961146573691940995"},"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/fd5f7bab830858e57a2baf9d4dd47e5820337b56","target":{"file":"libexif/olympus/exif-mnote-data-olympus.c","function":"exif_mnote_data_olympus_load"},"deprecated":false},{"id":"ASB-A-194342672-39eb0f4a","digest":{"length":2590,"function_hash":"252294463346496877372292661889805869063"},"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/fd5f7bab830858e57a2baf9d4dd47e5820337b56","target":{"file":"libexif/fuji/exif-mnote-data-fuji.c","function":"exif_mnote_data_fuji_load"},"deprecated":false},{"id":"ASB-A-194342672-8ade174f","digest":{"line_hashes":["258535496758549796525577034021958697522","59736004700112239815348148878440973207","156015236527021583219511368386532566842","208925529009590714242737344820623926710","48666843725151391636436753403927499968","240018877582134170072901602787940449497","213651751248844444609361278218619392192","152302461492781522310162171822127815345","62182544705571316333036728162786637476","242390438284685401923947976273825853729","284553104731774990022674155994110483697","23214577493705472685592134892419422943","217382026755880070287099181453515892637","232535131140631515703129315698992429648","326481239605051460902876578302081753576","338367017957438403399591092303558428499","21616384379039474647905404541779968469","240983110241008204587683960473455952697","300382965223174925975307352434426334743","188422837286098323284111960324460508945","144254756210762447390137419065902126524","43833660071409727621081211170277356266","129968889050604978613839631187151974605","116747509092517018688199909938715976133","288949564732672714059697529825343483626","314788910212899863640686260426888679038","157532589449493052524821219631199914886","45393122599490990728121242797044305316","39540614766808889591457708870210383263","21089699327839949456483140375456845158","301458848095656617000108631530238790419","323453559867362649834545384425527187279","75772798565266786018311198559361232120","186253402370051844648021984182755247832","87775394838865803204933070860362431916"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/fd5f7bab830858e57a2baf9d4dd47e5820337b56","target":{"file":"libexif/olympus/exif-mnote-data-olympus.c"},"deprecated":false},{"id":"ASB-A-194342672-b0829901","digest":{"line_hashes":["91768807785251968606655776771787404175","34128777807662979432063334523332355086","122684923369204591401773385474411219437","306501088345474863721586112929833381110","138851954609533570359062211287425004272","1936258232986127287851615607716904335","53254384811274092521536811663461829923","247226864292509684740302401359787767559","287947585148421249845200903856289510669","104253677331884237553937680473303634630","131253004424668098972405393941221762040","332928245879175964489794819146672288298","154921360113025583163959014935285786330","229994903253438464991697503678377727877","106720485668533517217715668095921258485","131450083276499232150020930332149982750","163570383433052667235952779228527056161","44006543196768161952519086084373760910","15994231627680740085484671932692890255","197911634203420330037577726332330554142","194890962513460607422706959778358943056","313155748930828196394430449175341864996","155133720598942189245718972478170672303","222809935566415879642717990068393848638"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/fd5f7bab830858e57a2baf9d4dd47e5820337b56","target":{"file":"libexif/fuji/exif-mnote-data-fuji.c"},"deprecated":false},{"id":"ASB-A-194342672-b39e92d6","digest":{"line_hashes":["67992316777328202553980430044272331270","232550279310151884703013089340447102658","262436377453016637111844930069636124266","330076833017829254660096767153562663059","228662460307024714608934979598524022781","233676342583969049750620450728947013967","160686445356664800807236764665764019330","154921360113025583163959014935285786330","229994903253438464991697503678377727877","275315361253278129193099917602521068866","304848201401731473370420849461607645697","69681233052220359974246983910946828230","329721097948751380813217950720224206016","249747458773296643272793894562528613180","16243798146026572846220843309356160713","164072094161247012763677138634413304489","105483538392136473165128370458666347432","309934484426480763336454860572763384368","183082392600355293043774931062045147506"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/fd5f7bab830858e57a2baf9d4dd47e5820337b56","target":{"file":"libexif/pentax/exif-mnote-data-pentax.c"},"deprecated":false},{"id":"ASB-A-194342672-c147af7c","digest":{"length":2374,"function_hash":"327868807100784019661132185299592104085"},"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/fd5f7bab830858e57a2baf9d4dd47e5820337b56","target":{"file":"libexif/canon/exif-mnote-data-canon.c","function":"exif_mnote_data_canon_load"},"deprecated":false},{"id":"ASB-A-194342672-ec3c715d","digest":{"line_hashes":["183661055639346139562865211106879471593","102180397425500091626994875092804653997","306305871760784389225367867808059433294","303255437467966467341393093297170437848","100948656951186216070801422017812816676","73432668262711205432098364026531541312","267961534160633078526824789703397165948","154921360113025583163959014935285786330","103248917384609285893761502457655296973","22227807076449600468076546494790266074","193000294359280234636191826172030860032","176117644035555751522229401211926605647","263132597833869344788571920226587275969","42658674550384883182946853197281633468","33198140988457916349558889987929538988","112671455866612657294225999046785040953","75308504808077224835780035377193872907","196607724232554454389644985523791773223"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/external/libexif/+/fd5f7bab830858e57a2baf9d4dd47e5820337b56","target":{"file":"libexif/canon/exif-mnote-data-canon.c"},"deprecated":false}],"types":["EoP"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-194342672.json"}}],"schema_version":"1.7.5"}