Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-2201

Опубликовано: 13 нояб. 2019
Источник: debian
EPSS Низкий

Описание

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120551338

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libjpeg-turbofixed1:2.0.5-1package
libjpeg-turbofixed1:1.5.2-2+deb10u1busterpackage
libjpeg-turboignoredjessiepackage

Примечания

  • https://source.android.com/security/bulletin/2019-11-01

  • https://android.googlesource.com/platform/external/libjpeg-turbo/+/d3db2a2634c422286f75c4b38af98837f3d2f0ff

  • https://github.com/libjpeg-turbo/libjpeg-turbo/issues/361

  • https://github.com/libjpeg-turbo/libjpeg-turbo/commit/2a9e3bd7430cfda1bc812d139e0609c6aca0b884

  • The description text is wrong, this CVE is about gigapixel images not ARM NEON SIMD code.

  • See https://bugs.gentoo.org/show_bug.cgi?id=699830#c12

  • Followup fix for tjbench: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/c30b1e72dac76343ef9029833d1561de07d29bad

EPSS

Процентиль: 78%
0.01083
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2019-2201

CVSS3: 7.8
ubuntu
около 6 лет назад

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120551338

redhat логотип

CVE-2019-2201

CVSS3: 7.8
redhat
больше 6 лет назад

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120551338

nvd логотип

CVE-2019-2201

CVSS3: 7.8
nvd
около 6 лет назад

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120551338

suse-cvrf логотип

openSUSE-SU-2019:2530-1

suse-cvrf
около 6 лет назад

Security update for libjpeg-turbo

suse-cvrf логотип

openSUSE-SU-2019:2529-1

suse-cvrf
около 6 лет назад

Security update for libjpeg-turbo

EPSS

Процентиль: 78%
0.01083
Низкий