CVE-2020-13112

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-13112
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13112.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-13112
Aliases
Downstream
Related
Published
2020-05-21T16:15:10Z
Modified
2025-10-31T22:11:06.852461Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.

References

Affected packages

Git / github.com/libexif/exif

Affected ranges

Type
GIT
Repo
https://github.com/libexif/exif
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
edad134a28caaa7ea324b8c075bde52da05ad7d9

Affected versions

Other

cvs-migration
exif-0_6-release
exif-0_6_15-release
exif-0_6_17-release
exif-0_6_18-release
exif-0_6_19-release
exif-0_6_20-release
exif-0_6_21-release
exif-0_6_9-release

Git / github.com/libexif/libexif

Affected ranges

Type
GIT
Repo
https://github.com/libexif/libexif
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
435e21f05001fb03f9f186fa7cbc69454afd00d1

Affected versions

Other

cvs-migration
libexif-0_5_7-rc2
libexif-0_5_7-rc3
libexif-0_5_7-rc4
libexif-0_5_7-release
libexif-0_5_9-release
libexif-0_6_12-release
libexif-0_6_14-release
libexif-0_6_15-release
libexif-0_6_16-release
libexif-0_6_17-release
libexif-0_6_18-release
libexif-0_6_19-release
libexif-0_6_20-release
libexif-0_6_21-release
libexif-before-0_6_0-api-change

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1",
        "target": {
            "file": "libexif/pentax/exif-mnote-data-pentax.c"
        },
        "digest": {
            "line_hashes": [
                "67992316777328202553980430044272331270",
                "232550279310151884703013089340447102658",
                "262436377453016637111844930069636124266",
                "330076833017829254660096767153562663059",
                "228662460307024714608934979598524022781",
                "233676342583969049750620450728947013967",
                "160686445356664800807236764665764019330",
                "154921360113025583163959014935285786330",
                "229994903253438464991697503678377727877",
                "275315361253278129193099917602521068866",
                "304848201401731473370420849461607645697",
                "69681233052220359974246983910946828230",
                "329721097948751380813217950720224206016",
                "249747458773296643272793894562528613180",
                "16243798146026572846220843309356160713",
                "164072094161247012763677138634413304489",
                "105483538392136473165128370458666347432",
                "206969502877073191430784891318810175061",
                "28868556028154082651229560412125977965"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "id": "CVE-2020-13112-1f0b6412",
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "source": "https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1",
        "target": {
            "file": "libexif/canon/exif-mnote-data-canon.c"
        },
        "digest": {
            "line_hashes": [
                "183661055639346139562865211106879471593",
                "102180397425500091626994875092804653997",
                "306305871760784389225367867808059433294",
                "303255437467966467341393093297170437848",
                "100948656951186216070801422017812816676",
                "73432668262711205432098364026531541312",
                "267961534160633078526824789703397165948",
                "154921360113025583163959014935285786330",
                "103248917384609285893761502457655296973",
                "22227807076449600468076546494790266074",
                "193000294359280234636191826172030860032",
                "88845552691393415932615695681994998508",
                "184149275761824461580457056613687778179",
                "40444631565845192778785848625597607555",
                "157113014476111942554117727043326998952",
                "176117644035555751522229401211926605647",
                "263132597833869344788571920226587275969",
                "42658674550384883182946853197281633468",
                "33198140988457916349558889987929538988",
                "112671455866612657294225999046785040953",
                "75308504808077224835780035377193872907",
                "148817980664338714766037931751369169901"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "id": "CVE-2020-13112-2c45cb53",
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "source": "https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1",
        "target": {
            "file": "libexif/fuji/exif-mnote-data-fuji.c"
        },
        "digest": {
            "line_hashes": [
                "91768807785251968606655776771787404175",
                "34128777807662979432063334523332355086",
                "122684923369204591401773385474411219437",
                "306501088345474863721586112929833381110",
                "138851954609533570359062211287425004272",
                "1936258232986127287851615607716904335",
                "53254384811274092521536811663461829923",
                "305083593056247587556077756653645362624",
                "19208761416751210466370906286318838835",
                "251599490399381872736538431677863863879",
                "247226864292509684740302401359787767559",
                "287947585148421249845200903856289510669",
                "104253677331884237553937680473303634630",
                "131253004424668098972405393941221762040",
                "332928245879175964489794819146672288298",
                "154921360113025583163959014935285786330",
                "229994903253438464991697503678377727877",
                "106720485668533517217715668095921258485",
                "131450083276499232150020930332149982750",
                "163570383433052667235952779228527056161",
                "44006543196768161952519086084373760910",
                "15994231627680740085484671932692890255",
                "197911634203420330037577726332330554142",
                "194890962513460607422706959778358943056",
                "313155748930828196394430449175341864996",
                "23478694786261685262689945243584631558",
                "1618213517171275702668445605136425663"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "id": "CVE-2020-13112-30a2e5cc",
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "source": "https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1",
        "target": {
            "function": "exif_mnote_data_olympus_load",
            "file": "libexif/olympus/exif-mnote-data-olympus.c"
        },
        "digest": {
            "function_hash": "55949762195733080323341990356846721351",
            "length": 6011.0
        },
        "signature_version": "v1",
        "id": "CVE-2020-13112-5ead74b6",
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "source": "https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1",
        "target": {
            "function": "exif_mnote_data_canon_load",
            "file": "libexif/canon/exif-mnote-data-canon.c"
        },
        "digest": {
            "function_hash": "72818263087279984346187142549446253523",
            "length": 2396.0
        },
        "signature_version": "v1",
        "id": "CVE-2020-13112-81b80aa7",
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "source": "https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1",
        "target": {
            "file": "libexif/olympus/exif-mnote-data-olympus.c"
        },
        "digest": {
            "line_hashes": [
                "258535496758549796525577034021958697522",
                "59736004700112239815348148878440973207",
                "156015236527021583219511368386532566842",
                "208925529009590714242737344820623926710",
                "48666843725151391636436753403927499968",
                "240018877582134170072901602787940449497",
                "213651751248844444609361278218619392192",
                "161449136370583283527198612585547913368",
                "290559282883468675134013108171214909360",
                "147474528890062733927576834142739063216",
                "264739365555415385503399378779555237016",
                "271376794645886992757590256004031107931",
                "54938726496285719623762975160898876854",
                "17970311093682324014554973538210305570",
                "98402954308037296842595951412212103213",
                "338367017957438403399591092303558428499",
                "21616384379039474647905404541779968469",
                "240983110241008204587683960473455952697",
                "300382965223174925975307352434426334743",
                "188422837286098323284111960324460508945",
                "144254756210762447390137419065902126524",
                "43833660071409727621081211170277356266",
                "129968889050604978613839631187151974605",
                "116747509092517018688199909938715976133",
                "288949564732672714059697529825343483626",
                "314788910212899863640686260426888679038",
                "157532589449493052524821219631199914886",
                "45393122599490990728121242797044305316",
                "39540614766808889591457708870210383263",
                "21089699327839949456483140375456845158",
                "301458848095656617000108631530238790419",
                "323453559867362649834545384425527187279",
                "75772798565266786018311198559361232120",
                "186253402370051844648021984182755247832",
                "177768108317455400588934416141028632759"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "id": "CVE-2020-13112-95964281",
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "source": "https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1",
        "target": {
            "function": "exif_mnote_data_pentax_load",
            "file": "libexif/pentax/exif-mnote-data-pentax.c"
        },
        "digest": {
            "function_hash": "312918665237201480084073533825807408190",
            "length": 3268.0
        },
        "signature_version": "v1",
        "id": "CVE-2020-13112-dd6811d3",
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "source": "https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1",
        "target": {
            "function": "exif_mnote_data_fuji_load",
            "file": "libexif/fuji/exif-mnote-data-fuji.c"
        },
        "digest": {
            "function_hash": "312289911135611097116278230982177365056",
            "length": 2612.0
        },
        "signature_version": "v1",
        "id": "CVE-2020-13112-f053eccf",
        "signature_type": "Function",
        "deprecated": false
    }
]