CVE-2019-2179

MEDIUM

Android 7.1.1-9 - Integer Overflow to Out-of-Bounds Read in NDEF_MsgValidate

Title source: llm
STIX 2.1

Description

In NDEF_MsgValidate of ndef_utils in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

References (1)

Core 1
Core References

Scores

CVSS v3 5.5
EPSS 0.0045
EPSS Percentile 36.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-125 CWE-190
Status published
Products (5)
google/android 7.1.1
google/android 7.1.2
google/android 8.0
google/android 8.1
google/android 9.0
Published Sep 05, 2019
Tracked Since Feb 18, 2026