CVE-2019-9278

HIGH

Android -10 - Privilege Escalation

Title source: llm

Description

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774

References (15)

Core 15

Core References

Vendor Advisory x_refsource_misc

https://source.android.com/security/bulletin/android-10

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/10/25/17

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/10/27/1

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/11/07/1

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2020/dsa-4618

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/02/msg00007.html

Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq

https://seclists.org/bugtraq/2020/Feb/9

Issue Tracking, Patch, Third Party Advisory x_refsource_confirm

https://github.com/libexif/libexif/issues/26

Patch, Third Party Advisory x_refsource_confirm

https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566

View Patch ZIP pw:eip

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4277-1/

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VA5BPQLOFXIZOOJHBYDU635Z5KLUMTDD/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO2VTHD7OLPJDCJBHKUQTBAHZOBBCF6X/

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/202007-05

Scores

CVSS v3 8.8

EPSS 0.0375

EPSS Percentile 88.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-190 CWE-787

Status published

Products (12)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 19.10

debian/debian_linux 8.0

debian/debian_linux 9.0

debian/debian_linux 10.0

fedoraproject/fedora 31

fedoraproject/fedora 32

... and 2 more

Published Sep 27, 2019

Tracked Since Feb 18, 2026