libexif: CVE-2019-9278 #2095

Closed
5 tasks done
szclsya opened this issue Feb 7, 2020 · 3 comments
Labels:
  • aosa-pending: Pending AOSA (AOSC OS Security Advisory) assignment
  • security: Topic/issue involves a security issue/fixed

Contributor

szclsya commented Feb 7, 2020

CVE IDs: CVE-2019-9278

Other security advisory IDs: MGASA-2019-0331, DSA-4618-1, openSUSE-SU-2020:0264-1

Descriptions:
In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112537774

Patches:
From Android. Android patch

PoC(s): N/A

Architectural progress:

  • AMD64 amd64
    • 32-bit Optional Environment optenv32
  • AArch64 arm64
  • ARMv7 armel
  • PowerPC 64-bit BE ppc64
Contributor Author

szclsya commented Feb 8, 2020

Patched in b50d049.

eatradish added the security and to-stable labels Feb 9, 2020
MingcongBai added a commit that referenced this issue Feb 13, 2020
@MingcongBai
Member

All done. @l2dy Please assign an AOSA.

MingcongBai added the aosa-pending label Apr 20, 2020
Member

l2dy commented Apr 21, 2020

Use AOSA-2020-0068.
