CVE-2019-9423
Published: 27 September 2019
In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: Android. Versions: Android-10. Android ID: A-110986616
Notes
Author | Note |
---|---|
mdeslaur | no details as of 2020-03-09 |
ccdm94 | no details as of 2022-08-23. This CVE was disclosed by Android and it possibly affects the opencv software. More information was requested by members of the community so that the vulnerability status for the Linux implementation of the opencv software could be determined, however, no response was provided. No known upstream patch is available. |
rodrigo-zaiden | no details as of 2022-10-24. |
Priority
Status
Package | Release | Status |
---|---|---|
opencv | bionic | Deferred (2022-10-24) |
 | disco | Ignored (end of life) |
 | eoan | Ignored (end of life) |
 | focal | Deferred (2022-10-24) |
 | groovy | Ignored (end of life) |
 | hirsute | Ignored (end of life) |
 | impish | Ignored (end of life) |
 | jammy | Deferred (2022-10-24) |
 | kinetic | Ignored (end of life, was deferred [2022-10-24]) |
 | lunar | Ignored (end of life, was deferred [2022-10-24]) |
 | mantic | Deferred (2022-10-24) |
 | trusty | Deferred (2022-10-24) |
 | upstream | Needed |
 | xenial | Deferred (2020-03-09) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |