CVE-2019-9278

high

Description

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774

References

https://source.android.com/security/bulletin/android-10

http://www.openwall.com/lists/oss-security/2019/10/25/17

http://www.openwall.com/lists/oss-security/2019/10/27/1

http://www.openwall.com/lists/oss-security/2019/11/07/1

https://www.debian.org/security/2020/dsa-4618

https://lists.debian.org/debian-lts-announce/2020/02/msg00007.html

https://seclists.org/bugtraq/2020/Feb/9

https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566

https://github.com/libexif/libexif/issues/26

https://usn.ubuntu.com/4277-1/

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/VA5BPQLOFXIZOOJHBYDU635Z5KLUMTDD/

https://lists.fedoraproject.org/archives/list/[email protected]/message/MO2VTHD7OLPJDCJBHKUQTBAHZOBBCF6X/

https://security.gentoo.org/glsa/202007-05

Details

Source: MITRE

Published: 2019-09-27

Updated: 2022-10-14

Type: CWE-787

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH