| |
Vulnerability CVE-2020-0020
Published: 2020-02-13
Description: |
In getAttributeRange of ExifInterface.java, there is a possible failure to redact location information from media files due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143118731 |
Type:
CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
CVSS2 => (AV:L/AC:L/Au:N/C:C/I:N/A:N)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4.9/10 |
6.9/10 |
3.9/10 |
Exploit range |
Attack complexity |
Authentication |
Local |
Low |
No required |
Confidentiality impact |
Integrity impact |
Availability impact |
Complete |
None |
None |
References: |
https://source.android.com/security/bulletin/2020-02-01
|
|
|
Copyright 2024, cxsecurity.com
|
|
|