CVE-2020-13112
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-13112
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13112.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-13112
- Aliases
-
- A-194342672
- ASB-A-194342672
- Downstream
- Related
- Published
- 2020-05-21T16:15:10Z
- Modified
- 2025-10-14T17:22:29.056322Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.
- References
Affected packages
Git / github.com/libexif/exif
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libexif/exif
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/libexif/libexif
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
cvs-migration
exif-0_6-release
exif-0_6_15-release
exif-0_6_17-release
exif-0_6_18-release
exif-0_6_19-release
exif-0_6_20-release
exif-0_6_21-release
exif-0_6_9-release
libexif-0_5_7-rc2
libexif-0_5_7-rc3
libexif-0_5_7-rc4
libexif-0_5_7-release
libexif-0_5_9-release
libexif-0_6_12-release
libexif-0_6_14-release
libexif-0_6_15-release
libexif-0_6_16-release
libexif-0_6_17-release
libexif-0_6_18-release
libexif-0_6_19-release
libexif-0_6_20-release
libexif-0_6_21-release
libexif-before-0_6_0-api-change
Database specific
{
"vanir_signatures": [
{
"digest": {
"line_hashes": [
"67992316777328202553980430044272331270",
"232550279310151884703013089340447102658",
"262436377453016637111844930069636124266",
"330076833017829254660096767153562663059",
"228662460307024714608934979598524022781",
"233676342583969049750620450728947013967",
"160686445356664800807236764665764019330",
"154921360113025583163959014935285786330",
"229994903253438464991697503678377727877",
"275315361253278129193099917602521068866",
"304848201401731473370420849461607645697",
"69681233052220359974246983910946828230",
"329721097948751380813217950720224206016",
"249747458773296643272793894562528613180",
"16243798146026572846220843309356160713",
"164072094161247012763677138634413304489",
"105483538392136473165128370458666347432",
"206969502877073191430784891318810175061",
"28868556028154082651229560412125977965"
],
"threshold": 0.9
},
"target": {
"file": "libexif/pentax/exif-mnote-data-pentax.c"
},
"signature_type": "Line",
"source": "https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-13112-1f0b6412"
},
{
"digest": {
"line_hashes": [
"183661055639346139562865211106879471593",
"102180397425500091626994875092804653997",
"306305871760784389225367867808059433294",
"303255437467966467341393093297170437848",
"100948656951186216070801422017812816676",
"73432668262711205432098364026531541312",
"267961534160633078526824789703397165948",
"154921360113025583163959014935285786330",
"103248917384609285893761502457655296973",
"22227807076449600468076546494790266074",
"193000294359280234636191826172030860032",
"88845552691393415932615695681994998508",
"184149275761824461580457056613687778179",
"40444631565845192778785848625597607555",
"157113014476111942554117727043326998952",
"176117644035555751522229401211926605647",
"263132597833869344788571920226587275969",
"42658674550384883182946853197281633468",
"33198140988457916349558889987929538988",
"112671455866612657294225999046785040953",
"75308504808077224835780035377193872907",
"148817980664338714766037931751369169901"
],
"threshold": 0.9
},
"target": {
"file": "libexif/canon/exif-mnote-data-canon.c"
},
"signature_type": "Line",
"source": "https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-13112-2c45cb53"
},
{
"digest": {
"line_hashes": [
"91768807785251968606655776771787404175",
"34128777807662979432063334523332355086",
"122684923369204591401773385474411219437",
"306501088345474863721586112929833381110",
"138851954609533570359062211287425004272",
"1936258232986127287851615607716904335",
"53254384811274092521536811663461829923",
"305083593056247587556077756653645362624",
"19208761416751210466370906286318838835",
"251599490399381872736538431677863863879",
"247226864292509684740302401359787767559",
"287947585148421249845200903856289510669",
"104253677331884237553937680473303634630",
"131253004424668098972405393941221762040",
"332928245879175964489794819146672288298",
"154921360113025583163959014935285786330",
"229994903253438464991697503678377727877",
"106720485668533517217715668095921258485",
"131450083276499232150020930332149982750",
"163570383433052667235952779228527056161",
"44006543196768161952519086084373760910",
"15994231627680740085484671932692890255",
"197911634203420330037577726332330554142",
"194890962513460607422706959778358943056",
"313155748930828196394430449175341864996",
"23478694786261685262689945243584631558",
"1618213517171275702668445605136425663"
],
"threshold": 0.9
},
"target": {
"file": "libexif/fuji/exif-mnote-data-fuji.c"
},
"signature_type": "Line",
"source": "https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-13112-30a2e5cc"
},
{
"digest": {
"length": 6011.0,
"function_hash": "55949762195733080323341990356846721351"
},
"target": {
"function": "exif_mnote_data_olympus_load",
"file": "libexif/olympus/exif-mnote-data-olympus.c"
},
"signature_type": "Function",
"source": "https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-13112-5ead74b6"
},
{
"digest": {
"length": 2396.0,
"function_hash": "72818263087279984346187142549446253523"
},
"target": {
"function": "exif_mnote_data_canon_load",
"file": "libexif/canon/exif-mnote-data-canon.c"
},
"signature_type": "Function",
"source": "https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-13112-81b80aa7"
},
{
"digest": {
"line_hashes": [
"258535496758549796525577034021958697522",
"59736004700112239815348148878440973207",
"156015236527021583219511368386532566842",
"208925529009590714242737344820623926710",
"48666843725151391636436753403927499968",
"240018877582134170072901602787940449497",
"213651751248844444609361278218619392192",
"161449136370583283527198612585547913368",
"290559282883468675134013108171214909360",
"147474528890062733927576834142739063216",
"264739365555415385503399378779555237016",
"271376794645886992757590256004031107931",
"54938726496285719623762975160898876854",
"17970311093682324014554973538210305570",
"98402954308037296842595951412212103213",
"338367017957438403399591092303558428499",
"21616384379039474647905404541779968469",
"240983110241008204587683960473455952697",
"300382965223174925975307352434426334743",
"188422837286098323284111960324460508945",
"144254756210762447390137419065902126524",
"43833660071409727621081211170277356266",
"129968889050604978613839631187151974605",
"116747509092517018688199909938715976133",
"288949564732672714059697529825343483626",
"314788910212899863640686260426888679038",
"157532589449493052524821219631199914886",
"45393122599490990728121242797044305316",
"39540614766808889591457708870210383263",
"21089699327839949456483140375456845158",
"301458848095656617000108631530238790419",
"323453559867362649834545384425527187279",
"75772798565266786018311198559361232120",
"186253402370051844648021984182755247832",
"177768108317455400588934416141028632759"
],
"threshold": 0.9
},
"target": {
"file": "libexif/olympus/exif-mnote-data-olympus.c"
},
"signature_type": "Line",
"source": "https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-13112-95964281"
},
{
"digest": {
"length": 3268.0,
"function_hash": "312918665237201480084073533825807408190"
},
"target": {
"function": "exif_mnote_data_pentax_load",
"file": "libexif/pentax/exif-mnote-data-pentax.c"
},
"signature_type": "Function",
"source": "https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-13112-dd6811d3"
},
{
"digest": {
"length": 2612.0,
"function_hash": "312289911135611097116278230982177365056"
},
"target": {
"function": "exif_mnote_data_fuji_load",
"file": "libexif/fuji/exif-mnote-data-fuji.c"
},
"signature_type": "Function",
"source": "https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-13112-f053eccf"
}
]
}