{"id":"CVE-2020-0093","details":"In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132","modified":"2026-05-18T05:50:49.253172742Z","published":"2020-05-14T21:15:11.883Z","related":["SUSE-SU-2020:1534-1","SUSE-SU-2020:1553-1","SUSE-SU-2020:1553-2","openSUSE-SU-2020:0793-1","openSUSE-SU-2024:10939-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"12.04"},{"last_affected":"14.04"},{"last_affected":"16.04"},{"last_affected":"18.04"},{"last_affected":"19.10"},{"last_affected":"20.04"}],"cpes":["cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*"],"vendor_product":"canonical:ubuntu_linux"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.0"}],"cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"],"vendor_product":"debian:debian_linux"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.0"},{"last_affected":"8.1"},{"last_affected":"9.0"},{"last_affected":"10.0"}],"cpes":["cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*","cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*","cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*","cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"],"vendor_product":"google:android"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"15.1"}],"cpes":["cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"],"vendor_product":"opensuse:leap"}]},"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4396-1/"},{"type":"FIX","url":"https://security.gentoo.org/glsa/202007-05"},{"type":"FIX","url":"https://source.android.com/security/bulletin/2020-05-01"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libexif/exif","events":[{"introduced":"0"},{"fixed":"edad134a28caaa7ea324b8c075bde52da05ad7d9"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"0.6.22"}],"cpe":"cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*"}}],"versions":["cvs-migration","exif-0_6_21-release","exif-0_6_20-release","exif-0_6_19-release","exif-0_6_18-release","exif-0_6_17-release","exif-0_6_15-release","exif-0_6_9-release","exif-0_6-release"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-0093.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/libexif/libexif","events":[{"introduced":"0"},{"fixed":"3cc7842ca200a4da4bd65850e3c20d5a1811afa7"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"0.6.22"}],"cpe":"cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*"}}],"versions":["cvs-migration","libexif-0_6_21-release","libexif-0_6_20-release","libexif-0_6_19-release","libexif-0_6_18-release","libexif-0_6_17-release","libexif-0_6_16-release","libexif-0_6_15-release","libexif-0_6_14-release","libexif-0_6_12-release","libexif-before-0_6_0-api-change","libexif-0_5_9-release","libexif-0_5_7-release","libexif-0_5_7-rc4","libexif-0_5_7-rc3","libexif-0_5_7-rc2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-0093.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}]}