Main Vulnerability Database Vulnerabilities #VU35309

Integer overflow in Google Android - CVE-2019-9262

Published: September 27, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35309

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-9262

CWE-ID: CWE-190

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In MPEG4Extractor, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111792351

How to mitigate CVE-2019-9262

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/android-10

Integer overflow in Google Android - CVE-2019-9262

Detailed vulnerability description

How to mitigate CVE-2019-9262

Sources

Please verify you're human