PT-2019-5083 · None+6 · Libexif+6

Msmeissn

Published

2019-09-27

Updated

2024-06-15

CVE-2019-9278

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions libexif (affected versions not specified) Android versions Android-10

Description The issue is caused by an integer overflow in the libexif library, which is used for parsing EXIF files. This could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability may lead to remote escalation of privilege in the media content provider. User interaction is required for exploitation.

Recommendations For libexif, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Android versions Android-10, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-190

Related Identifiers

ALT-PU-2020-2019

ALT-PU-2020-2723

BDU:2020-01749

CESA-2020_4040

CESA-2020_4766

CVE-2019-9278

DLA-2100-1

DSA-4618-1

MGASA-2019-0331

OESA-2022-2006

OESA-2022-2008

OPENSUSE-SU-2020:0264-1

OPENSUSE-SU-2020:0793-1

OPENSUSE-SU-2020_0264-1

OPENSUSE-SU-2020_0793-1

OPENSUSE-SU-2024:10939-1

RHSA-2020:4040

RHSA-2020:4766

RHSA-2020_4040

RHSA-2020_4766

SUSE-SU-2020:0457-1

SUSE-SU-2020:0458-1

SUSE-SU-2020:14294-1

SUSE-SU-2020:1534-1

SUSE-SU-2020:1553-1

SUSE-SU-2020:1553-2

SUSE-SU-2020_1534-1

SUSE-SU-2020_1553-1

SUSE-SU-2020_1553-2

USN-4277-1

Affected Products

Alt Linux

Android

Centos

Red Hat

Suse

Ubuntu

Libexif

PT-2019-5083 · None+6 · Libexif+6

CVE-2019-9278

Weakness Enumeration

Related Identifiers

Affected Products

References · 86