CVE-2019-9278

NameCVE-2019-9278
DescriptionIn libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs945948

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libexif (PTS)jessie, stretch0.6.21-2vulnerable
bullseye, sid, buster0.6.21-5.1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libexifsource(unstable)(unfixed)945948

Notes

https://android.googlesource.com/platform/external/libexif/+/a5e8e5812a11ec9686294de8a5d68aaf2ab72475%5E%21/#F0
https://github.com/libexif/libexif/issues/26

Search for package or bug name: Reporting problems