UBUNTU-CVE-2019-9278

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2019-9278

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9278.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2019-9278

Related

Published

2019-09-27T19:15:00Z

Modified

2019-09-27T19:15:00Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774

References

Affected packages

Ubuntu:Pro:14.04:LTS / libexif

Package

Name: libexif
Purl: pkg:deb/ubuntu/libexif?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.21-1ubuntu1+esm1

Affected versions

0.*

0.6.21-1

0.6.21-1ubuntu1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.6.21-1ubuntu1+esm1",
            "binary_name": "libexif-dev"
        },
        {
            "binary_version": "0.6.21-1ubuntu1+esm1",
            "binary_name": "libexif12"
        },
        {
            "binary_version": "0.6.21-1ubuntu1+esm1",
            "binary_name": "libexif12-dbgsym"
        }
    ]
}

Ubuntu:16.04:LTS / libexif

Package

Name: libexif
Purl: pkg:deb/ubuntu/libexif?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.21-2ubuntu0.1

Affected versions

0.*

0.6.21-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.6.21-2ubuntu0.1",
            "binary_name": "libexif-dev"
        },
        {
            "binary_version": "0.6.21-2ubuntu0.1",
            "binary_name": "libexif12"
        },
        {
            "binary_version": "0.6.21-2ubuntu0.1",
            "binary_name": "libexif12-dbgsym"
        }
    ]
}

Ubuntu:18.04:LTS / libexif

Package

Name: libexif
Purl: pkg:deb/ubuntu/libexif?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.21-4ubuntu0.1

Affected versions

0.*

0.6.21-2.1

0.6.21-4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.6.21-4ubuntu0.1",
            "binary_name": "libexif-dev"
        },
        {
            "binary_version": "0.6.21-4ubuntu0.1",
            "binary_name": "libexif-doc"
        },
        {
            "binary_version": "0.6.21-4ubuntu0.1",
            "binary_name": "libexif12"
        },
        {
            "binary_version": "0.6.21-4ubuntu0.1",
            "binary_name": "libexif12-dbgsym"
        }
    ]
}