CVE-2019-9278
- Source
- https://cve.org/CVERecord?id=CVE-2019-9278
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-9278.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-9278
- Downstream
- Related
- Published
- 2019-09-27T19:15:19.060Z
- Modified
- 2026-01-30T02:48:53.153817Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO2VTHD7OLPJDCJBHKUQTBAHZOBBCF6X/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VA5BPQLOFXIZOOJHBYDU635Z5KLUMTDD/
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
- https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566
- https://github.com/libexif/libexif/issues/26
- https://lists.debian.org/debian-lts-announce/2020/02/msg00007.html
- https://seclists.org/bugtraq/2020/Feb/9
- https://security.gentoo.org/glsa/202007-05
- https://source.android.com/security/bulletin/android-10
- https://usn.ubuntu.com/4277-1/
- https://www.debian.org/security/2020/dsa-4618
- https://github.com/libexif/libexif/issues/26
- https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566
- https://github.com/libexif/libexif/issues/26
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html
- http://www.openwall.com/lists/oss-security/2019/10/25/17
- http://www.openwall.com/lists/oss-security/2019/10/27/1
- http://www.openwall.com/lists/oss-security/2019/11/07/1
- https://lists.debian.org/debian-lts-announce/2020/02/msg00007.html
- https://seclists.org/bugtraq/2020/Feb/9
Affected packages
Git / github.com/libexif/libexif
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libexif/libexif
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
cvs-migration
libexif-0_5_7-rc2
libexif-0_5_7-rc3
libexif-0_5_7-rc4
libexif-0_5_7-release
libexif-0_5_9-release
libexif-0_6_12-release
libexif-0_6_14-release
libexif-0_6_15-release
libexif-0_6_16-release
libexif-0_6_17-release
libexif-0_6_18-release
libexif-0_6_19-release
libexif-0_6_20-release
libexif-0_6_21-release
libexif-before-0_6_0-api-change
Database specific
vanir_signatures
[
{
"signature_type": "Function",
"source": "https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566",
"target": {
"file": "libexif/exif-data.c",
"function": "exif_data_load_data"
},
"id": "CVE-2019-9278-8bd7e8f1",
"signature_version": "v1",
"digest": {
"function_hash": "193423956425546990439456069520297992751",
"length": 3092.0
},
"deprecated": false
},
{
"signature_type": "Function",
"source": "https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566",
"target": {
"file": "libexif/exif-data.c",
"function": "exif_data_load_data_entry"
},
"id": "CVE-2019-9278-a062e930",
"signature_version": "v1",
"digest": {
"function_hash": "118746337237474988410074582300045599827",
"length": 1783.0
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566",
"target": {
"file": "libexif/exif-data.c"
},
"id": "CVE-2019-9278-ead47d85",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"25707471914593945628742627811716771595",
"113407591838412601064557876627602861885",
"252816705751323480937359359070655864628",
"44809418054111196477245934147682880731",
"189036369069984767582131145007750775486",
"292766821050531327419548003287136591149",
"186985038051753530709571128315672777257",
"91106785882479147070538014282376894643",
"61967507178526392454228980120809213187",
"118343106635046383152888414374594757511",
"109461403624083389715740858119616610831",
"100901380592973423211292573969669133244",
"339012495915927709266452908000019020359",
"136253901020684343053841584360337564445",
"141879690308923582685523709584601790446",
"319073722507381763753768015247470989491",
"238949705764780856968987373255956916827",
"187504706236837048239642637993512638047",
"247209009108897757984858609027392992278",
"209233680515556223914878524222269084596",
"225066870589362276689999534557590164425",
"178018824952698495390226504930346898465",
"228765288681849397846367273340609830708",
"30616676452432380621571581214734408408",
"227306291967088994447548580029607503380",
"281864738930270184523853461413712119631"
]
},
"deprecated": false
},
{
"signature_type": "Function",
"source": "https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566",
"target": {
"file": "libexif/exif-data.c",
"function": "exif_data_load_data_thumbnail"
},
"id": "CVE-2019-9278-feda679d",
"signature_version": "v1",
"digest": {
"function_hash": "91125149220453632657505834369352006698",
"length": 683.0
},
"deprecated": false
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-9278.json"