CVE-2019-9278Integer Overflow or Wraparound in Google Android

CWE-190Integer Overflow or WraparoundCWE-787Out-of-bounds Write9 documents8 sources
Severity
8.8HIGHNVD
OSV8.1
EPSS
3.7%
top 11.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Libexif Project LibexifGoogle AndroidCanonical Ubuntu Linux+3 more
Timeline
PublishedSep 27
Latest updateMay 24

Description

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

Debianlibexif_project/libexif< 0.6.21-6+3
Ubuntulibexif_project/libexif< 0.6.21-2ubuntu0.1+2
CVEListV5google/androidAndroid-10
NVDgoogle/android10.0
NVDopensuse/leap15.1

Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 31, 32, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.10

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
GHSA-wwvf-m6j5-65jw: In libexif, there is a possible out of bounds write due to an integer overflow2022-05-24
OSV
libexif vulnerabilities2020-02-11
OSV
CVE-2019-9278: In libexif, there is a possible out of bounds write due to an integer overflow2019-09-27
CVEList
CVE-2019-9278: In libexif, there is a possible out of bounds write due to an integer overflow2019-09-27

📋Vendor Advisories

3
Ubuntu
libexif vulnerabilities2020-02-11
Red Hat
libexif: out of bounds write in exif-data.c2019-12-01
Debian
CVE-2019-9278: libexif - In libexif, there is a possible out of bounds write due to an integer overflow. ...2019

💬Community

1
Bugzilla
CVE-2019-9278 libexif: out of bounds write in exif-data.c2020-01-08
CVE-2019-9278 — Integer Overflow or Wraparound | cvebase