Out-of-bounds Write in libexif

Do your applications use this vulnerable package? Test your applications

Overview

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774

References

BUGTRAQ
CONFIRM
CONFIRM
DEBIAN
Debian Security Tracker
FEDORA
FEDORA
GENTOO
MISC
MLIST
MLIST
OSS security Advisory
OSS security Advisory
SUSE
SUSE
UBUNTU
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2019-9278
CWE: CWE-190 CWE-787
Snyk ID: SNYK-DEBIAN9-LIBEXIF-483031
Disclosed: 27 Sep, 2019
Published: 11 Nov, 2019

Out-of-bounds Write
Affecting libexif package, versions <0.6.21-2+deb9u1

Overview

References

CVSS Score

Out-of-bounds Write Affecting libexif package, versions <0.6.21-2+deb9u1

Overview

References

Out-of-bounds Write
Affecting libexif package, versions <0.6.21-2+deb9u1