CVE-2019-2201 — Out-of-bounds Write in Google Android
Severity
7.8HIGHNVD
OSV6.5
EPSS
1.1%
top 22.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 13
Latest updateMay 24
Description
In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120551338
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages6 packages
Also affects: Ubuntu Linux 16.04, 18.04, 19.04
🔴Vulnerability Details
3📋Vendor Advisories
4Android▶
CVE-2019-2201: Android Security Bulletin 2019-11-01
CVE: CVE-2019-2201
Severity: HIGH
Type: RCE
Affected AOSP versions: 8↗2019-11-01
Red Hat▶
libjpeg-turbo: several integer overflows and subsequent segfaults when attempting to compress/decompress gigapixel images↗2019-07-05
Debian▶
CVE-2019-2201: libjpeg-turbo - In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possibl...↗2019
💬Community
9Bugzilla
▶
Bugzilla▶
libjpeg-turbo: decompression of images greater than 715827882 pixels causing integer overflow↗2020-06-24
Bugzilla▶
CVE-2019-2201 mingw-libjpeg-turbo: libjpeg-turbo: several integer overflows and subsequent segfaults when attempting to compress/decompress gigapixel images [fedora-all]↗2019-11-11
Bugzilla▶
CVE-2019-2201 libjpeg-turbo: several integer overflows and subsequent segfaults when attempting to compress/decompress gigapixel images↗2019-11-11
Bugzilla▶
CVE-2019-2201 mingw-libjpeg-turbo: libjpeg-turbo: several integer overflows and subsequent segfaults when attempting to compress/decompress gigapixel images [epel-7]↗2019-11-11