Unrated severity · NVD Advisory · Published Sep 27, 2019 · Updated Aug 4, 2024
CVE-2019-9278
Description
In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112537774.
Affected products
- Google/Android
- Range: = 10
- osv-coords (29 versions)
  - pkg:rpm/opensuse/libexif&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/opensuse/libexif&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/libexif&distro=HPE%20Helion%20OpenStack%208
  - pkg:rpm/suse/libexif&distro=SUSE%20Enterprise%20Storage%205
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
  - pkg:rpm/suse/libexif&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
  - pkg:rpm/suse/libexif&distro=SUSE%20OpenStack%20Cloud%207
  - pkg:rpm/suse/libexif&distro=SUSE%20OpenStack%20Cloud%208
  - pkg:rpm/suse/libexif&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
- (no CPE) range: < 0.6.21-lp151.4.3.1
- (no CPE) range: < 0.6.23-1.2
- (no CPE) range: < 0.6.21-8.6.1
- (no CPE) range: < 0.6.21-8.6.1
- (no CPE) range: < 0.6.21-8.6.1
- (no CPE) range: < 0.6.21-5.3.1
- (no CPE) range: < 0.6.21-5.3.1
- (no CPE) range: < 0.6.22-5.6.1
- (no CPE) range: < 0.6.22-5.6.1
- (no CPE) range: < 0.6.22-5.6.1
- (no CPE) range: < 0.6.17-2.14.7.2
- (no CPE) range: < 0.6.17-2.14.7.2
- (no CPE) range: < 0.6.21-8.6.1
- (no CPE) range: < 0.6.21-8.6.1
- (no CPE) range: < 0.6.21-8.6.1
- (no CPE) range: < 0.6.21-8.6.1
- (no CPE) range: < 0.6.21-8.6.1
- (no CPE) range: < 0.6.21-8.6.1
- (no CPE) range: < 0.6.21-8.6.1
- (no CPE) range: < 0.6.21-8.6.1
- (no CPE) range: < 0.6.21-8.6.1
- (no CPE) range: < 0.6.21-8.6.1
- (no CPE) range: < 0.6.21-8.6.1
- (no CPE) range: < 0.6.21-8.6.1
- (no CPE) range: < 0.6.21-8.6.1
- (no CPE) range: < 0.6.21-8.6.1
- (no CPE) range: < 0.6.21-8.6.1
- (no CPE) range: < 0.6.21-8.6.1
- (no CPE) range: < 0.6.21-8.6.1
References
- lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO2VTHD7OLPJDCJBHKUQTBAHZOBBCF6X/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VA5BPQLOFXIZOOJHBYDU635Z5KLUMTDD/ (mitre, vendor-advisory, x_refsource_FEDORA)
- security.gentoo.org/glsa/202007-05 (mitre, vendor-advisory, x_refsource_GENTOO)
- usn.ubuntu.com/4277-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2020/dsa-4618 (mitre, vendor-advisory, x_refsource_DEBIAN)
- www.openwall.com/lists/oss-security/2019/10/25/17 (mitre, mailing-list, x_refsource_MLIST)
- www.openwall.com/lists/oss-security/2019/10/27/1 (mitre, mailing-list, x_refsource_MLIST)
- www.openwall.com/lists/oss-security/2019/11/07/1 (mitre, mailing-list, x_refsource_MLIST)
- github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566 (mitre, x_refsource_CONFIRM)
- github.com/libexif/libexif/issues/26 (mitre, x_refsource_CONFIRM)
- lists.debian.org/debian-lts-announce/2020/02/msg00007.html (mitre, mailing-list, x_refsource_MLIST)
- seclists.org/bugtraq/2020/Feb/9 (mitre, mailing-list, x_refsource_BUGTRAQ)
- source.android.com/security/bulletin/android-10 (mitre, x_refsource_MISC)