CVE-2019-9423 — Out-of-bounds Write in OpenCV

Description

In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android ID: A-110986616

How to fix CVE-2019-9423

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

—no fix listed
—no fix listed
—no fix listed
—no fix listed

Is CVE-2019-9423 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (4)

from 0, <= 4.1.1.26
from 0, <= 4.1.1.26
from 0, <= 4.1.1.26
from 0, <= 4.1.1.26

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (7)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2019-9423
PATCHgithub.com/opencv/opencv-python
WEBsource.android.com/security/bulletin/android-10
WEBwww.openwall.com/lists/oss-security/2019/10/25/17
WEB