An update for libexif is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP4, openEuler-22.03-LTS, openEuler-22.03-LTS-SP1, openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3

Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2024-1078
Final 1.0
1.0 2024-01-19 Initial
2024-01-19 2024-01-19
openEuler SA Tool V1.0 2024-01-19

libexif security update

Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags.

Security Fix(es):

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0
Android ID: A-159625731 (CVE-2020-0452)

openEuler Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Critical
libexif

https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1078
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-0452
https://nvd.nist.gov/vuln/detail/CVE-2020-0452

openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP4
openEuler-22.03-LTS
openEuler-22.03-LTS-SP1
openEuler-22.03-LTS-SP2
openEuler-22.03-LTS-SP3

libexif-debuginfo-0.6.21-26.oe1.aarch64.rpm
libexif-debugsource-0.6.21-26.oe1.aarch64.rpm
libexif-devel-0.6.21-26.oe1.aarch64.rpm
libexif-0.6.21-26.oe1.aarch64.rpm
libexif-devel-0.6.21-26.oe2003sp4.aarch64.rpm
libexif-0.6.21-26.oe2003sp4.aarch64.rpm
libexif-debugsource-0.6.21-26.oe2003sp4.aarch64.rpm
libexif-debuginfo-0.6.21-26.oe2003sp4.aarch64.rpm
libexif-devel-0.6.22-5.oe2203.aarch64.rpm
libexif-0.6.22-5.oe2203.aarch64.rpm
libexif-debugsource-0.6.22-5.oe2203.aarch64.rpm
libexif-debuginfo-0.6.22-5.oe2203.aarch64.rpm
libexif-debugsource-0.6.22-5.oe2203sp1.aarch64.rpm
libexif-0.6.22-5.oe2203sp1.aarch64.rpm
libexif-devel-0.6.22-5.oe2203sp1.aarch64.rpm
libexif-debuginfo-0.6.22-5.oe2203sp1.aarch64.rpm
libexif-devel-0.6.22-5.oe2203sp2.aarch64.rpm
libexif-0.6.22-5.oe2203sp2.aarch64.rpm
libexif-debugsource-0.6.22-5.oe2203sp2.aarch64.rpm
libexif-debuginfo-0.6.22-5.oe2203sp2.aarch64.rpm
libexif-0.6.22-5.oe2203sp3.aarch64.rpm
libexif-devel-0.6.22-5.oe2203sp3.aarch64.rpm
libexif-debuginfo-0.6.22-5.oe2203sp3.aarch64.rpm
libexif-debugsource-0.6.22-5.oe2203sp3.aarch64.rpm

libexif-help-0.6.21-26.oe1.noarch.rpm
libexif-help-0.6.21-26.oe2003sp4.noarch.rpm
libexif-help-0.6.22-5.oe2203.noarch.rpm
libexif-help-0.6.22-5.oe2203sp1.noarch.rpm
libexif-help-0.6.22-5.oe2203sp2.noarch.rpm
libexif-help-0.6.22-5.oe2203sp3.noarch.rpm

libexif-0.6.21-26.oe1.src.rpm
libexif-0.6.21-26.oe2003sp4.src.rpm
libexif-0.6.22-5.oe2203.src.rpm
libexif-0.6.22-5.oe2203sp1.src.rpm
libexif-0.6.22-5.oe2203sp2.src.rpm
libexif-0.6.22-5.oe2203sp3.src.rpm

libexif-devel-0.6.21-26.oe1.x86_64.rpm
libexif-0.6.21-26.oe1.x86_64.rpm
libexif-debugsource-0.6.21-26.oe1.x86_64.rpm
libexif-debuginfo-0.6.21-26.oe1.x86_64.rpm
libexif-devel-0.6.21-26.oe2003sp4.x86_64.rpm
libexif-debugsource-0.6.21-26.oe2003sp4.x86_64.rpm
libexif-0.6.21-26.oe2003sp4.x86_64.rpm
libexif-debuginfo-0.6.21-26.oe2003sp4.x86_64.rpm
libexif-debugsource-0.6.22-5.oe2203.x86_64.rpm
libexif-devel-0.6.22-5.oe2203.x86_64.rpm
libexif-0.6.22-5.oe2203.x86_64.rpm
libexif-debuginfo-0.6.22-5.oe2203.x86_64.rpm
libexif-debuginfo-0.6.22-5.oe2203sp1.x86_64.rpm
libexif-0.6.22-5.oe2203sp1.x86_64.rpm
libexif-debugsource-0.6.22-5.oe2203sp1.x86_64.rpm
libexif-devel-0.6.22-5.oe2203sp1.x86_64.rpm
libexif-debugsource-0.6.22-5.oe2203sp2.x86_64.rpm
libexif-0.6.22-5.oe2203sp2.x86_64.rpm
libexif-debuginfo-0.6.22-5.oe2203sp2.x86_64.rpm
libexif-devel-0.6.22-5.oe2203sp2.x86_64.rpm
libexif-0.6.22-5.oe2203sp3.x86_64.rpm
libexif-devel-0.6.22-5.oe2203sp3.x86_64.rpm
libexif-debugsource-0.6.22-5.oe2203sp3.x86_64.rpm
libexif-debuginfo-0.6.22-5.oe2203sp3.x86_64.rpm

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0
Android ID: A-159625731

2024-01-19
CVE-2020-0452
openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 openEuler-22.03-LTS-SP3
Critical
9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
libexif security update 2024-01-19 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1078