FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libexif -- privilege escalation

Affected packages
libexif < 0.6.21_5

Details

VuXML ID 00f30cba-4d23-11ea-86ba-641c67a117d8
Discovery 2019-02-06
Entry 2020-02-11

Mitre reports:

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation.

References

CVE Name CVE-2019-9278
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278
URL https://github.com/libexif/libexif/issues/26
URL https://seclists.org/bugtraq/2020/Feb/9
URL https://security-tracker.debian.org/tracker/CVE-2019-9278