AndroidVulnerabilities.org

CVE-2019-2109

(json)

• CVE numbers: CVE-2019-2109 [Bulletin-CVE-2019-2109]
• Coordinated disclosure?: unknown
• Categories: Media framework
• Details: In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-130651570. [NIST-CVE-2019-2109]
• Discovered by: on: Unknown
• Reported on: 2019-07-01 [Bulletin-CVE-2019-2109]
• Fixed on: Unknown
• Fix released on: 2019-07-05 [Bulletin-CVE-2019-2109]
• Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2019-2109] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2019-2109]
• Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1 [Bulletin-CVE-2019-2109]
• Submission: by: Daniel Carter, on: 2019-07-24