CVE-2019-9278

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-9278
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-9278.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-9278
Related
Published
2019-09-27T19:15:19Z
Modified
2024-09-11T04:31:40.187406Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774

References

Affected packages

Alpine:v3.10 / libexif

Package

Name
libexif
Purl
pkg:apk/alpine/libexif?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.22-r0

Affected versions

0.*

0.6.17-r0
0.6.19-r0
0.6.19-r1
0.6.19-r2
0.6.19-r3
0.6.20-r0
0.6.20-r1
0.6.21-r0
0.6.21-r1
0.6.21-r2
0.6.21-r3

Alpine:v3.11 / libexif

Package

Name
libexif
Purl
pkg:apk/alpine/libexif?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.22-r0

Affected versions

0.*

0.6.17-r0
0.6.19-r0
0.6.19-r1
0.6.19-r2
0.6.19-r3
0.6.20-r0
0.6.20-r1
0.6.21-r0
0.6.21-r1
0.6.21-r2
0.6.21-r3

Alpine:v3.12 / libexif

Package

Name
libexif
Purl
pkg:apk/alpine/libexif?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.22-r0

Affected versions

0.*

0.6.17-r0
0.6.19-r0
0.6.19-r1
0.6.19-r2
0.6.19-r3
0.6.20-r0
0.6.20-r1
0.6.21-r0
0.6.21-r1
0.6.21-r2
0.6.21-r3

Alpine:v3.8 / libexif

Package

Name
libexif
Purl
pkg:apk/alpine/libexif?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.22-r0

Affected versions

0.*

0.6.17-r0
0.6.19-r0
0.6.19-r1
0.6.19-r2
0.6.19-r3
0.6.20-r0
0.6.20-r1
0.6.21-r0
0.6.21-r1
0.6.21-r2
0.6.21-r3

Alpine:v3.9 / libexif

Package

Name
libexif
Purl
pkg:apk/alpine/libexif?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.22-r0

Affected versions

0.*

0.6.17-r0
0.6.19-r0
0.6.19-r1
0.6.19-r2
0.6.19-r3
0.6.20-r0
0.6.20-r1
0.6.21-r0
0.6.21-r1
0.6.21-r2
0.6.21-r3

Debian:11 / libexif

Package

Name
libexif
Purl
pkg:deb/debian/libexif?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.21-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libexif

Package

Name
libexif
Purl
pkg:deb/debian/libexif?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.21-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libexif

Package

Name
libexif
Purl
pkg:deb/debian/libexif?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.21-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}