Out-of-bounds Write The advisory has been revoked - it doesn't affect any version of package libexif Open this link in a new tab
Threat Intelligence
EPSS
0.04% (6th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UBUNTU1604-LIBEXIF-534491
- published 15 Nov 2019
- disclosed 27 Sep 2019
Introduced: 27 Sep 2019
CVE-2019-9423 Open this link in a new tabAmendment
The Ubuntu security team deemed this advisory irrelevant for Ubuntu:16.04.
NVD Description
Note: Versions mentioned in the description apply only to the upstream libexif package and not the libexif package as distributed by Ubuntu.
In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android ID: A-110986616
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9423
- https://source.android.com/security/bulletin/android-10
- http://www.openwall.com/lists/oss-security/2019/11/07/1
- http://www.openwall.com/lists/oss-security/2020/12/05/1
- http://www.openwall.com/lists/oss-security/2019/10/25/17
- http://www.openwall.com/lists/oss-security/2019/10/27/1