CVE-2019-1986

CVE numbers: CVE-2019-1986 [Bulletin-CVE-2019-1986]
Coordinated disclosure?: unknown
Categories: Framework
Details: In SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-117838472. [NIST-CVE-2019-1986]
Discovered by: Leon Scroggins of Google [Discovery-CVE-2019-1986] on: Unknown
Reported on: 2019-02-01 [Bulletin-CVE-2019-1986]
Fixed on: 2018-11-08 [A-117838472]
Fix released on: 2019-02-05 [Bulletin-CVE-2019-1986]
Affected versions: 9 [Bulletin-CVE-2019-1986] regex: (9.[0-9].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2019-1986]
Fixed versions: 9 [Bulletin-CVE-2019-1986]
Submission: by: Daniel Carter, on: 2019-07-24

AndroidVulnerabilities.org