SB2020051952 - Out-of-bounds read in libexif (Alpine package)
Published: May 19, 2020
Security Bulletin ID
SB2020051952
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2020-0093)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a missing bounds check in "exif_data_save_data_entry" of "exif-data.c" file within the Media framework functionality. A local user can trigger out-of-bounds read error and read contents of memory on the system.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=5dea23e076ed7123339473f529d74d8a9362e7c6
- https://git.alpinelinux.org/aports/commit/?id=726529dabef044127d02831c4b26fa6c6fc9d5f5
- https://git.alpinelinux.org/aports/commit/?id=7d1a8137daa5c1f5312ad957dc1857027b8999df
- https://git.alpinelinux.org/aports/commit/?id=9959b863135bbaa1251dbddfa038c9256e155702
- https://git.alpinelinux.org/aports/commit/?id=cc9c8ab403cd5dfa204be58c326dd98d0702d70c