Candidate: CVE-2019-9423
PublicDate: 2019-09-27 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9423
 https://source.android.com/security/bulletin/android-10
 https://www.openwall.com/lists/oss-security/2019/11/07/1
Description:
 In opencv calls that use libpng, there is a possible out of bounds write
 due to a missing bounds check. This could lead to local escalation of
 privilege with no additional execution privileges required. User
 interaction is not required for exploitation. Product: AndroidVersions:
 Android-10Android ID: A-110986616
Ubuntu-Description:
Notes:
 mdeslaur> no details as of 2020-03-09
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_opencv:
upstream_opencv: needs-triage
precise/esm_opencv: DNE
trusty_opencv: ignored (out of standard support)
trusty/esm_opencv: deferred (2020-03-09)
xenial_opencv: ignored (end of standard support, was deferred [2020-03-09])
bionic_opencv: deferred (2020-03-09)
disco_opencv: ignored (reached end-of-life)
eoan_opencv: ignored (reached end-of-life)
focal_opencv: deferred (2020-03-09)
groovy_opencv: ignored (reached end-of-life)
hirsute_opencv: ignored (reached end-of-life)
impish_opencv: deferred (2020-03-09)
jammy_opencv: deferred (2020-03-09)
devel_opencv: deferred (2020-03-09)