Vulnerability-Lookup

CVE-2019-9278 (GCVE-0-2019-9278)

Vulnerability from cvelistv5 – Published: 2019-09-27 18:05 – Updated: 2024-08-04 21:46

Summary

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774

Severity ?

No CVSS data available.

CWE

Remote code execution

Assigner

google_android

References

URL

	Vendor	Product	Version
	n/a	Android	Affected: Android-10

FKIE_CVE-2019-9278

Vulnerability from fkie_nvd - Published: 2019-09-27 19:15 - Updated: 2024-11-21 04:51

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@android.com	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html	Mailing List, Third Party Advisory
security@android.com	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html	Mailing List, Third Party Advisory
security@android.com	http://www.openwall.com/lists/oss-security/2019/10/25/17	Mailing List
security@android.com	http://www.openwall.com/lists/oss-security/2019/10/27/1	Mailing List
security@android.com	http://www.openwall.com/lists/oss-security/2019/11/07/1	Mailing List
security@android.com	https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566	Patch, Third Party Advisory
security@android.com	https://github.com/libexif/libexif/issues/26	Issue Tracking, Patch, Third Party Advisory
security@android.com	https://lists.debian.org/debian-lts-announce/2020/02/msg00007.html	Mailing List, Third Party Advisory
security@android.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO2VTHD7OLPJDCJBHKUQTBAHZOBBCF6X/
security@android.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VA5BPQLOFXIZOOJHBYDU635Z5KLUMTDD/
security@android.com	https://seclists.org/bugtraq/2020/Feb/9	Mailing List, Third Party Advisory
security@android.com	https://security.gentoo.org/glsa/202007-05	Third Party Advisory
security@android.com	https://source.android.com/security/bulletin/android-10	Vendor Advisory
security@android.com	https://usn.ubuntu.com/4277-1/	Third Party Advisory
security@android.com	https://www.debian.org/security/2020/dsa-4618	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/10/25/17	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/10/27/1	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/11/07/1	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/libexif/libexif/issues/26	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/02/msg00007.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO2VTHD7OLPJDCJBHKUQTBAHZOBBCF6X/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VA5BPQLOFXIZOOJHBYDU635Z5KLUMTDD/
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2020/Feb/9	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202007-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://source.android.com/security/bulletin/android-10	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4277-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4618	Third Party Advisory

Impacted products

Vendor	Product	Version
google	android	10.0
opensuse	leap	15.1
fedoraproject	fedora	31
fedoraproject	fedora	32
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3EFED2-F6BC-46D9-AB22-D5ED87EF4549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774"
    },
    {
      "lang": "es",
      "value": "En libexif, se presenta una posible escritura fuera de l\u00edmites debido a un desbordamiento de enteros. Esto podr\u00eda conllevar a una escalada de privilegios remota en el proveedor de contenido multimedia sin ser necesarios privilegios de ejecuci\u00f3n adicionales. Es requerida una interacci\u00f3n del usuario para su explotaci\u00f3n. Producto: Android, Versiones: Android-10, ID de Android: A-112537774"
    }
  ],
  "id": "CVE-2019-9278",
  "lastModified": "2024-11-21T04:51:20.630",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-27T19:15:19.060",
  "references": [
    {
      "source": "security@android.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/11/07/1"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/libexif/libexif/issues/26"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00007.html"
    },
    {
      "source": "security@android.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO2VTHD7OLPJDCJBHKUQTBAHZOBBCF6X/"
    },
    {
      "source": "security@android.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VA5BPQLOFXIZOOJHBYDU635Z5KLUMTDD/"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/9"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202007-05"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://source.android.com/security/bulletin/android-10"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4277-1/"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4618"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/11/07/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/libexif/libexif/issues/26"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO2VTHD7OLPJDCJBHKUQTBAHZOBBCF6X/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VA5BPQLOFXIZOOJHBYDU635Z5KLUMTDD/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202007-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://source.android.com/security/bulletin/android-10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4277-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4618"
    }
  ],
  "sourceIdentifier": "security@android.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2019-AVI-405

Vulnerability from certfr_avis - Published: 2019-08-21 - Updated: 2019-08-21

De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Android	Android version Q sans le correctif de sécurité 2019-09-01

References

Title

Publication Time

Tags

Bulletin de sécurité Android du 20 août 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Android version Q sans le correctif de s\u00e9curit\u00e9 2019-09-01",
      "product": {
        "name": "Android",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-9348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9348"
    },
    {
      "name": "CVE-2019-9352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9352"
    },
    {
      "name": "CVE-2019-9350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9350"
    },
    {
      "name": "CVE-2019-9427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9427"
    },
    {
      "name": "CVE-2019-9397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9397"
    },
    {
      "name": "CVE-2019-9256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9256"
    },
    {
      "name": "CVE-2019-9344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9344"
    },
    {
      "name": "CVE-2019-9252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9252"
    },
    {
      "name": "CVE-2019-2059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2059"
    },
    {
      "name": "CVE-2019-2169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2169"
    },
    {
      "name": "CVE-2019-2071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2071"
    },
    {
      "name": "CVE-2019-2142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2142"
    },
    {
      "name": "CVE-2019-9407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9407"
    },
    {
      "name": "CVE-2019-9302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9302"
    },
    {
      "name": "CVE-2019-9281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9281"
    },
    {
      "name": "CVE-2019-9423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9423"
    },
    {
      "name": "CVE-2019-9405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9405"
    },
    {
      "name": "CVE-2019-2159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2159"
    },
    {
      "name": "CVE-2019-9388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9388"
    },
    {
      "name": "CVE-2019-9363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9363"
    },
    {
      "name": "CVE-2019-9404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9404"
    },
    {
      "name": "CVE-2019-9424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9424"
    },
    {
      "name": "CVE-2019-9411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9411"
    },
    {
      "name": "CVE-2019-9354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9354"
    },
    {
      "name": "CVE-2019-2063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2063"
    },
    {
      "name": "CVE-2019-2087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2087"
    },
    {
      "name": "CVE-2019-9359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9359"
    },
    {
      "name": "CVE-2019-9356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9356"
    },
    {
      "name": "CVE-2019-2155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2155"
    },
    {
      "name": "CVE-2019-9460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9460"
    },
    {
      "name": "CVE-2019-9387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9387"
    },
    {
      "name": "CVE-2019-9367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9367"
    },
    {
      "name": "CVE-2019-9317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9317"
    },
    {
      "name": "CVE-2019-2069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2069"
    },
    {
      "name": "CVE-2019-9307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9307"
    },
    {
      "name": "CVE-2019-9389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9389"
    },
    {
      "name": "CVE-2019-2077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2077"
    },
    {
      "name": "CVE-2019-9272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9272"
    },
    {
      "name": "CVE-2019-2162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2162"
    },
    {
      "name": "CVE-2019-9334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9334"
    },
    {
      "name": "CVE-2019-9385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9385"
    },
    {
      "name": "CVE-2019-9362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9362"
    },
    {
      "name": "CVE-2019-9262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9262"
    },
    {
      "name": "CVE-2019-9360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9360"
    },
    {
      "name": "CVE-2019-2070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2070"
    },
    {
      "name": "CVE-2019-9406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9406"
    },
    {
      "name": "CVE-2019-9284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9284"
    },
    {
      "name": "CVE-2019-9236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9236"
    },
    {
      "name": "CVE-2019-2148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2148"
    },
    {
      "name": "CVE-2019-2157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2157"
    },
    {
      "name": "CVE-2019-9314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9314"
    },
    {
      "name": "CVE-2019-9412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9412"
    },
    {
      "name": "CVE-2019-2062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2062"
    },
    {
      "name": "CVE-2019-9246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9246"
    },
    {
      "name": "CVE-2019-9300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9300"
    },
    {
      "name": "CVE-2019-9459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9459"
    },
    {
      "name": "CVE-2019-9383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9383"
    },
    {
      "name": "CVE-2019-9292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9292"
    },
    {
      "name": "CVE-2019-9322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9322"
    },
    {
      "name": "CVE-2019-9311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9311"
    },
    {
      "name": "CVE-2019-9377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9377"
    },
    {
      "name": "CVE-2019-9303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9303"
    },
    {
      "name": "CVE-2019-9429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9429"
    },
    {
      "name": "CVE-2019-9290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9290"
    },
    {
      "name": "CVE-2019-9361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9361"
    },
    {
      "name": "CVE-2019-9319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9319"
    },
    {
      "name": "CVE-2019-9365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9365"
    },
    {
      "name": "CVE-2019-2073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2073"
    },
    {
      "name": "CVE-2019-9434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9434"
    },
    {
      "name": "CVE-2019-9433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9433"
    },
    {
      "name": "CVE-2019-9326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9326"
    },
    {
      "name": "CVE-2019-9313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9313"
    },
    {
      "name": "CVE-2019-9413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9413"
    },
    {
      "name": "CVE-2019-9232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9232"
    },
    {
      "name": "CVE-2019-9277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9277"
    },
    {
      "name": "CVE-2019-9364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9364"
    },
    {
      "name": "CVE-2019-9419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9419"
    },
    {
      "name": "CVE-2019-9422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9422"
    },
    {
      "name": "CVE-2019-9430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9430"
    },
    {
      "name": "CVE-2019-2072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2072"
    },
    {
      "name": "CVE-2019-2141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2141"
    },
    {
      "name": "CVE-2019-9349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9349"
    },
    {
      "name": "CVE-2019-9297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9297"
    },
    {
      "name": "CVE-2019-9255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9255"
    },
    {
      "name": "CVE-2019-9332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9332"
    },
    {
      "name": "CVE-2019-2153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2153"
    },
    {
      "name": "CVE-2019-2067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2067"
    },
    {
      "name": "CVE-2019-2163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2163"
    },
    {
      "name": "CVE-2019-9264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9264"
    },
    {
      "name": "CVE-2019-2138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2138"
    },
    {
      "name": "CVE-2019-2166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2166"
    },
    {
      "name": "CVE-2019-9374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9374"
    },
    {
      "name": "CVE-2019-9366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9366"
    },
    {
      "name": "CVE-2019-2081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2081"
    },
    {
      "name": "CVE-2019-9265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9265"
    },
    {
      "name": "CVE-2019-9253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9253"
    },
    {
      "name": "CVE-2019-9382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9382"
    },
    {
      "name": "CVE-2019-9309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9309"
    },
    {
      "name": "CVE-2019-2150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2150"
    },
    {
      "name": "CVE-2019-9321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9321"
    },
    {
      "name": "CVE-2019-2139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2139"
    },
    {
      "name": "CVE-2019-9410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9410"
    },
    {
      "name": "CVE-2019-2078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2078"
    },
    {
      "name": "CVE-2019-2140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2140"
    },
    {
      "name": "CVE-2019-9280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9280"
    },
    {
      "name": "CVE-2019-2080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2080"
    },
    {
      "name": "CVE-2019-9241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9241"
    },
    {
      "name": "CVE-2019-2145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2145"
    },
    {
      "name": "CVE-2019-2172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2172"
    },
    {
      "name": "CVE-2019-9432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9432"
    },
    {
      "name": "CVE-2019-2074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2074"
    },
    {
      "name": "CVE-2019-9395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9395"
    },
    {
      "name": "CVE-2019-9381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9381"
    },
    {
      "name": "CVE-2019-9263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9263"
    },
    {
      "name": "CVE-2019-9414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9414"
    },
    {
      "name": "CVE-2019-9257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9257"
    },
    {
      "name": "CVE-2019-2160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2160"
    },
    {
      "name": "CVE-2019-9323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9323"
    },
    {
      "name": "CVE-2019-9435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9435"
    },
    {
      "name": "CVE-2019-2066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2066"
    },
    {
      "name": "CVE-2019-9269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9269"
    },
    {
      "name": "CVE-2019-9392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9392"
    },
    {
      "name": "CVE-2019-9312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9312"
    },
    {
      "name": "CVE-2019-2082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2082"
    },
    {
      "name": "CVE-2019-2154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2154"
    },
    {
      "name": "CVE-2019-9286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9286"
    },
    {
      "name": "CVE-2019-9261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9261"
    },
    {
      "name": "CVE-2019-9420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9420"
    },
    {
      "name": "CVE-2019-9342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9342"
    },
    {
      "name": "CVE-2019-9390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9390"
    },
    {
      "name": "CVE-2019-2147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2147"
    },
    {
      "name": "CVE-2019-2064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2064"
    },
    {
      "name": "CVE-2019-9247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9247"
    },
    {
      "name": "CVE-2019-9258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9258"
    },
    {
      "name": "CVE-2019-2164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2164"
    },
    {
      "name": "CVE-2019-9331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9331"
    },
    {
      "name": "CVE-2019-2084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2084"
    },
    {
      "name": "CVE-2019-9335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9335"
    },
    {
      "name": "CVE-2019-9250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9250"
    },
    {
      "name": "CVE-2019-2055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2055"
    },
    {
      "name": "CVE-2019-9308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9308"
    },
    {
      "name": "CVE-2019-9379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9379"
    },
    {
      "name": "CVE-2019-9242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9242"
    },
    {
      "name": "CVE-2019-9353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9353"
    },
    {
      "name": "CVE-2019-2083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2083"
    },
    {
      "name": "CVE-2019-2079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2079"
    },
    {
      "name": "CVE-2019-9337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9337"
    },
    {
      "name": "CVE-2019-9237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9237"
    },
    {
      "name": "CVE-2019-9283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9283"
    },
    {
      "name": "CVE-2019-9234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9234"
    },
    {
      "name": "CVE-2019-9243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9243"
    },
    {
      "name": "CVE-2019-9259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9259"
    },
    {
      "name": "CVE-2019-9310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9310"
    },
    {
      "name": "CVE-2019-9301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9301"
    },
    {
      "name": "CVE-2019-9279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9279"
    },
    {
      "name": "CVE-2019-9369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9369"
    },
    {
      "name": "CVE-2019-2065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2065"
    },
    {
      "name": "CVE-2019-9299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9299"
    },
    {
      "name": "CVE-2019-9235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9235"
    },
    {
      "name": "CVE-2019-9346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9346"
    },
    {
      "name": "CVE-2019-9376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9376"
    },
    {
      "name": "CVE-2019-9370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9370"
    },
    {
      "name": "CVE-2019-9289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9289"
    },
    {
      "name": "CVE-2019-9329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9329"
    },
    {
      "name": "CVE-2019-9327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9327"
    },
    {
      "name": "CVE-2018-9489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9489"
    },
    {
      "name": "CVE-2019-9402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9402"
    },
    {
      "name": "CVE-2019-2144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2144"
    },
    {
      "name": "CVE-2019-9398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9398"
    },
    {
      "name": "CVE-2019-9315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9315"
    },
    {
      "name": "CVE-2019-9338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9338"
    },
    {
      "name": "CVE-2019-9415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9415"
    },
    {
      "name": "CVE-2019-9440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9440"
    },
    {
      "name": "CVE-2019-9287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9287"
    },
    {
      "name": "CVE-2019-9285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9285"
    },
    {
      "name": "CVE-2019-9320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9320"
    },
    {
      "name": "CVE-2019-9316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9316"
    },
    {
      "name": "CVE-2019-9233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9233"
    },
    {
      "name": "CVE-2019-9355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9355"
    },
    {
      "name": "CVE-2019-2152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2152"
    },
    {
      "name": "CVE-2019-2165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2165"
    },
    {
      "name": "CVE-2019-9380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9380"
    },
    {
      "name": "CVE-2019-9368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9368"
    },
    {
      "name": "CVE-2019-9372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9372"
    },
    {
      "name": "CVE-2019-9318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9318"
    },
    {
      "name": "CVE-2019-9403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9403"
    },
    {
      "name": "CVE-2018-9425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9425"
    },
    {
      "name": "CVE-2019-9244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9244"
    },
    {
      "name": "CVE-2019-9295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9295"
    },
    {
      "name": "CVE-2019-9306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9306"
    },
    {
      "name": "CVE-2019-9375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9375"
    },
    {
      "name": "CVE-2019-2146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2146"
    },
    {
      "name": "CVE-2019-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2068"
    },
    {
      "name": "CVE-2019-2171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2171"
    },
    {
      "name": "CVE-2019-9268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9268"
    },
    {
      "name": "CVE-2019-9400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9400"
    },
    {
      "name": "CVE-2019-9336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9336"
    },
    {
      "name": "CVE-2019-9416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9416"
    },
    {
      "name": "CVE-2019-9438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9438"
    },
    {
      "name": "CVE-2019-9343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9343"
    },
    {
      "name": "CVE-2019-9401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9401"
    },
    {
      "name": "CVE-2019-2167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2167"
    },
    {
      "name": "CVE-2019-9288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9288"
    },
    {
      "name": "CVE-2019-9238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9238"
    },
    {
      "name": "CVE-2019-9333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9333"
    },
    {
      "name": "CVE-2019-9347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9347"
    },
    {
      "name": "CVE-2019-9325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9325"
    },
    {
      "name": "CVE-2019-2075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2075"
    },
    {
      "name": "CVE-2019-9240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9240"
    },
    {
      "name": "CVE-2019-2149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2149"
    },
    {
      "name": "CVE-2019-9294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9294"
    },
    {
      "name": "CVE-2019-9421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9421"
    },
    {
      "name": "CVE-2019-9239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9239"
    },
    {
      "name": "CVE-2019-9341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9341"
    },
    {
      "name": "CVE-2019-2156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2156"
    },
    {
      "name": "CVE-2019-9418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9418"
    },
    {
      "name": "CVE-2019-9304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9304"
    },
    {
      "name": "CVE-2019-2158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2158"
    },
    {
      "name": "CVE-2019-2061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2061"
    },
    {
      "name": "CVE-2019-9328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9328"
    },
    {
      "name": "CVE-2019-9409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9409"
    },
    {
      "name": "CVE-2019-9251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9251"
    },
    {
      "name": "CVE-2019-9386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9386"
    },
    {
      "name": "CVE-2019-9378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9378"
    },
    {
      "name": "CVE-2019-9357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9357"
    },
    {
      "name": "CVE-2019-9266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9266"
    },
    {
      "name": "CVE-2019-9431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9431"
    },
    {
      "name": "CVE-2019-2143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2143"
    },
    {
      "name": "CVE-2019-2168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2168"
    },
    {
      "name": "CVE-2019-9417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9417"
    },
    {
      "name": "CVE-2019-9394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9394"
    },
    {
      "name": "CVE-2019-9282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9282"
    },
    {
      "name": "CVE-2019-9391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9391"
    },
    {
      "name": "CVE-2019-2170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2170"
    },
    {
      "name": "CVE-2019-9291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9291"
    },
    {
      "name": "CVE-2019-9296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9296"
    },
    {
      "name": "CVE-2019-9351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9351"
    },
    {
      "name": "CVE-2019-2076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2076"
    },
    {
      "name": "CVE-2019-2086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2086"
    },
    {
      "name": "CVE-2019-9399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9399"
    },
    {
      "name": "CVE-2019-2151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2151"
    },
    {
      "name": "CVE-2019-9425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9425"
    },
    {
      "name": "CVE-2019-9384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9384"
    },
    {
      "name": "CVE-2019-9408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9408"
    },
    {
      "name": "CVE-2019-9305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9305"
    },
    {
      "name": "CVE-2019-2085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2085"
    },
    {
      "name": "CVE-2019-9249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9249"
    },
    {
      "name": "CVE-2019-9330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9330"
    },
    {
      "name": "CVE-2019-9260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9260"
    },
    {
      "name": "CVE-2019-2060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2060"
    },
    {
      "name": "CVE-2019-9396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9396"
    },
    {
      "name": "CVE-2019-9293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9293"
    },
    {
      "name": "CVE-2019-9428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9428"
    },
    {
      "name": "CVE-2019-9358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9358"
    },
    {
      "name": "CVE-2019-9371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9371"
    },
    {
      "name": "CVE-2019-9393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9393"
    },
    {
      "name": "CVE-2019-2161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2161"
    },
    {
      "name": "CVE-2019-9278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9278"
    },
    {
      "name": "CVE-2019-9373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9373"
    },
    {
      "name": "CVE-2019-9298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9298"
    }
  ],
  "initial_release_date": "2019-08-21T00:00:00",
  "last_revision_date": "2019-08-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-405",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-08-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Android du 20 ao\u00fbt 2019",
      "url": "https://source.android.com/security/bulletin/android-q.html"
    }
  ]
}

GHSA-WWVF-M6J5-65JW

Vulnerability from github – Published: 2022-05-24 22:00 – Updated: 2022-10-14 12:00

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-9278"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-27T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774",
  "id": "GHSA-wwvf-m6j5-65jw",
  "modified": "2022-10-14T12:00:21Z",
  "published": "2022-05-24T22:00:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9278"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libexif/libexif/issues/26"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO2VTHD7OLPJDCJBHKUQTBAHZOBBCF6X"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VA5BPQLOFXIZOOJHBYDU635Z5KLUMTDD"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2020/Feb/9"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202007-05"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/android-10"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4277-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4618"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/11/07/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-9278

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-9278

Aliases

CVE-2019-9278

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-9278",
    "description": "In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774",
    "id": "GSD-2019-9278",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-9278.html",
      "https://www.debian.org/security/2020/dsa-4618",
      "https://access.redhat.com/errata/RHSA-2020:4766",
      "https://access.redhat.com/errata/RHSA-2020:4040",
      "https://ubuntu.com/security/CVE-2019-9278",
      "https://advisories.mageia.org/CVE-2019-9278.html",
      "https://security.archlinux.org/CVE-2019-9278",
      "https://linux.oracle.com/cve/CVE-2019-9278.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-9278"
      ],
      "details": "In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774",
      "id": "GSD-2019-9278",
      "modified": "2023-12-13T01:23:47.606861Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@android.com",
        "ID": "CVE-2019-9278",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Android",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Android-10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://source.android.com/security/bulletin/android-10",
            "refsource": "MISC",
            "url": "https://source.android.com/security/bulletin/android-10"
          },
          {
            "name": "[oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17"
          },
          {
            "name": "[oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1"
          },
          {
            "name": "[oss-security] 20191107 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/11/07/1"
          },
          {
            "name": "DSA-4618",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2020/dsa-4618"
          },
          {
            "name": "[debian-lts-announce] 20200210 [SECURITY] [DLA 2100-1] libexif security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00007.html"
          },
          {
            "name": "20200210 [SECURITY] [DSA 4618-1] libexif security update",
            "refsource": "BUGTRAQ",
            "url": "https://seclists.org/bugtraq/2020/Feb/9"
          },
          {
            "name": "https://github.com/libexif/libexif/issues/26",
            "refsource": "CONFIRM",
            "url": "https://github.com/libexif/libexif/issues/26"
          },
          {
            "name": "https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566",
            "refsource": "CONFIRM",
            "url": "https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566"
          },
          {
            "name": "USN-4277-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4277-1/"
          },
          {
            "name": "openSUSE-SU-2020:0264",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html"
          },
          {
            "name": "openSUSE-SU-2020:0793",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html"
          },
          {
            "name": "FEDORA-2020-b4db792558",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VA5BPQLOFXIZOOJHBYDU635Z5KLUMTDD/"
          },
          {
            "name": "FEDORA-2020-085150ac6e",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO2VTHD7OLPJDCJBHKUQTBAHZOBBCF6X/"
          },
          {
            "name": "GLSA-202007-05",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202007-05"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2019-9278"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                },
                {
                  "lang": "en",
                  "value": "CWE-190"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.android.com/security/bulletin/android-10",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://source.android.com/security/bulletin/android-10"
            },
            {
              "name": "[oss-security] 20191025 Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
              "refsource": "MLIST",
              "tags": [
                "Mailing List"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/10/25/17"
            },
            {
              "name": "[oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
              "refsource": "MLIST",
              "tags": [
                "Mailing List"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1"
            },
            {
              "name": "[oss-security] 20191107 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
              "refsource": "MLIST",
              "tags": [
                "Mailing List"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/11/07/1"
            },
            {
              "name": "DSA-4618",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4618"
            },
            {
              "name": "[debian-lts-announce] 20200210 [SECURITY] [DLA 2100-1] libexif security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00007.html"
            },
            {
              "name": "20200210 [SECURITY] [DSA 4618-1] libexif security update",
              "refsource": "BUGTRAQ",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/9"
            },
            {
              "name": "https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566"
            },
            {
              "name": "https://github.com/libexif/libexif/issues/26",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/libexif/libexif/issues/26"
            },
            {
              "name": "USN-4277-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4277-1/"
            },
            {
              "name": "openSUSE-SU-2020:0264",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html"
            },
            {
              "name": "openSUSE-SU-2020:0793",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html"
            },
            {
              "name": "FEDORA-2020-b4db792558",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VA5BPQLOFXIZOOJHBYDU635Z5KLUMTDD/"
            },
            {
              "name": "FEDORA-2020-085150ac6e",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO2VTHD7OLPJDCJBHKUQTBAHZOBBCF6X/"
            },
            {
              "name": "GLSA-202007-05",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202007-05"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-10-14T01:47Z",
      "publishedDate": "2019-09-27T19:15Z"
    }
  }
}

CVE-2019-9278

Vulnerability from fstec - Published: 27.09.2019

Title

Уязвимость библиотеки для грамматического разбора EXIF-файлов libexif, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Description

Уязвимость библиотеки для грамматического разбора EXIF-файлов libexif вызвана целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Canonical Ltd., Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Novell Inc., АО «Концерн ВНИИНС»

Software Name

Ubuntu, Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), OpenSUSE Leap, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), Libexif, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), 12.04 ESM (Ubuntu), 15.1 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 19.10 (Ubuntu), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), до 0.6.21-6 (Libexif), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для Libexif : Обновление программного обеспечения до 0.6.21-6 или более поздней версии Для Debian: Обновление программного обеспечения (пакета libexif) до 0.6.21-2+deb9u1 или более поздней версии Для Astra Linux: Обновление программного обеспечения (пакета libexif) до 0.6.21-2+deb9u1 или более поздней версии Для программных продуктов Novell Inc.: https://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html Для Ubuntu: https://usn.ubuntu.com/4277-1/ Для ОС ОН «Стрелец»: Обновление программного обеспечения libexif до версии 0.6.21-2+deb9u5

Reference

https://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html https://usn.ubuntu.com/4277-1/ https://source.android.com/security/bulletin/android-10 https://source.android.com/security/bulletin/android-10 https://nvd.nist.gov/vuln/detail/CVE-2019-9278 https://security-tracker.debian.org/tracker/CVE-2019-9278 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20200327SE16 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20200429SE81 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023

CWE

CWE-190

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 12.04 ESM (Ubuntu), 15.1 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 19.10 (Ubuntu), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), \u0434\u043e 0.6.21-6 (Libexif), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Libexif :\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 0.6.21-6 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 libexif) \u0434\u043e 0.6.21-2+deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 libexif) \u0434\u043e 0.6.21-2+deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/4277-1/\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libexif \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 0.6.21-2+deb9u5",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "27.09.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "23.04.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-01749",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-9278",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), OpenSUSE Leap, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Libexif, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 12.04 ESM , Novell Inc. OpenSUSE Leap 15.1 , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , Canonical Ltd. Ubuntu 19.10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0433\u0440\u0430\u043c\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0440\u0430\u0437\u0431\u043e\u0440\u0430 EXIF-\u0444\u0430\u0439\u043b\u043e\u0432 libexif, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0433\u0440\u0430\u043c\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0440\u0430\u0437\u0431\u043e\u0440\u0430 EXIF-\u0444\u0430\u0439\u043b\u043e\u0432 libexif \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e,  \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html\nhttps://usn.ubuntu.com/4277-1/\nhttps://source.android.com/security/bulletin/android-10\nhttps://source.android.com/security/bulletin/android-10\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9278\nhttps://security-tracker.debian.org/tracker/CVE-2019-9278\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20200327SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20200429SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-190",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

CNVD-2019-40853

Vulnerability from cnvd - Published: 2019-11-15

Title

Google Android Media Framework代码执行漏洞（CNVD-2019-40853）

Description

Android是美国谷歌（Google）和开放手持设备联盟（简称OHA）的一套以Linux为基础的开源操作系统。Media Framework是其中的一个多媒体开发框架。 Android中的Media Framework存在代码执行漏洞。攻击者可利用该漏洞执行代码。

Severity

中

Patch Name

Google Android Media Framework代码执行漏洞（CNVD-2019-40853）的补丁

Patch Description

Android是美国谷歌（Google）和开放手持设备联盟（简称OHA）的一套以Linux为基础的开源操作系统。Media Framework是其中的一个多媒体开发框架。 Android中的Media Framework存在代码执行漏洞。攻击者可利用该漏洞执行代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://source.android.com/security/bulletin/android-q.html

Reference

https://source.android.com/security/bulletin/android-q.html

Impacted products

Name
Google Android 10

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-9278",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-9278"
    }
  },
  "description": "Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002Media Framework\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u591a\u5a92\u4f53\u5f00\u53d1\u6846\u67b6\u3002\n\nAndroid\u4e2d\u7684Media Framework\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://source.android.com/security/bulletin/android-q.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-40853",
  "openTime": "2019-11-15",
  "patchDescription": "Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002Media Framework\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u591a\u5a92\u4f53\u5f00\u53d1\u6846\u67b6\u3002\r\n\r\nAndroid\u4e2d\u7684Media Framework\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Android Media Framework\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2019-40853\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Google Android 10"
  },
  "referenceLink": "https://source.android.com/security/bulletin/android-q.html",
  "serverity": "\u4e2d",
  "submitTime": "2019-08-26",
  "title": "Google Android Media Framework\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2019-40853\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-9278 (GCVE-0-2019-9278)

FKIE_CVE-2019-9278

CERTFR-2019-AVI-405

Solution

GHSA-WWVF-M6J5-65JW

GSD-2019-9278

CVE-2019-9278

CNVD-2019-40853

Tags

Sightings

Nomenclature