CVE-2019-9278 - In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to r

CVE-2019-9278

Summary

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774

References

Vulnerable Configurations

cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 14-10-2022 - 01:47)
Impact:
Exploitability:

CWE

CWE-190

CAPEC

Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

redhat via4

rpms

libexif-0:0.6.22-1.el7
libexif-debuginfo-0:0.6.22-1.el7
libexif-devel-0:0.6.22-1.el7
libexif-doc-0:0.6.22-1.el7
libexif-0:0.6.22-4.el8
libexif-debuginfo-0:0.6.22-4.el8
libexif-debugsource-0:0.6.22-4.el8
libexif-devel-0:0.6.22-4.el8

refmap via4

bugtraq	20200210 [SECURITY] [DSA 4618-1] libexif security update
confirm	https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566 https://github.com/libexif/libexif/issues/26
debian	DSA-4618
fedora	FEDORA-2020-085150ac6e FEDORA-2020-b4db792558
gentoo	GLSA-202007-05
misc	https://source.android.com/security/bulletin/android-10
mlist	[debian-lts-announce] 20200210 [SECURITY] [DLA 2100-1] libexif security update [oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem? [oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem? [oss-security] 20191107 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?
suse	openSUSE-SU-2020:0264 openSUSE-SU-2020:0793
ubuntu	USN-4277-1

Last major update

14-10-2022 - 01:47

Published

27-09-2019 - 19:15

Last modified

14-10-2022 - 01:47