← Volver a CVEs
CVE-2019-9278
HIGH8.8
Descripcion
In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774
Detalles CVE
Puntuacion CVSS v3.18.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado9/27/2019
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
canonical:ubuntu_linuxdebian:debian_linuxfedoraproject:fedoragoogle:androidopensuse:leap
Debilidades (CWE)
CWE-190CWE-787
Referencias
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html(security@android.com)
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html(security@android.com)
http://www.openwall.com/lists/oss-security/2019/10/25/17(security@android.com)
http://www.openwall.com/lists/oss-security/2019/10/27/1(security@android.com)
http://www.openwall.com/lists/oss-security/2019/11/07/1(security@android.com)
https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566(security@android.com)
https://github.com/libexif/libexif/issues/26(security@android.com)
https://lists.debian.org/debian-lts-announce/2020/02/msg00007.html(security@android.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO2VTHD7OLPJDCJBHKUQTBAHZOBBCF6X/(security@android.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VA5BPQLOFXIZOOJHBYDU635Z5KLUMTDD/(security@android.com)
https://seclists.org/bugtraq/2020/Feb/9(security@android.com)
https://security.gentoo.org/glsa/202007-05(security@android.com)
https://source.android.com/security/bulletin/android-10(security@android.com)
https://usn.ubuntu.com/4277-1/(security@android.com)
https://www.debian.org/security/2020/dsa-4618(security@android.com)
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2019/10/25/17(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2019/10/27/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2019/11/07/1(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/libexif/libexif/issues/26(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/02/msg00007.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO2VTHD7OLPJDCJBHKUQTBAHZOBBCF6X/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VA5BPQLOFXIZOOJHBYDU635Z5KLUMTDD/(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2020/Feb/9(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202007-05(af854a3a-2127-422b-91ae-364da2661108)
https://source.android.com/security/bulletin/android-10(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4277-1/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2020/dsa-4618(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.