CVE-2019-9278

high

Description

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774

References

Advisories
More

https://www.debian.org/security/2020/dsa-4618

https://usn.ubuntu.com/4277-1/

https://security.gentoo.org/glsa/202007-05

https://seclists.org/bugtraq/2020/Feb/9

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VA5BPQLOFXIZOOJHBYDU635Z5KLUMTDD/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO2VTHD7OLPJDCJBHKUQTBAHZOBBCF6X/

https://lists.debian.org/debian-lts-announce/2020/02/msg00007.html

https://github.com/libexif/libexif/issues/26

https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html

https://source.android.com/security/bulletin/android-10

http://www.openwall.com/lists/oss-security/2019/11/07/1

http://www.openwall.com/lists/oss-security/2019/10/27/1

http://www.openwall.com/lists/oss-security/2019/10/25/17

Details

Source: Mitre, NVD

Published: 2019-09-27

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.04889