CVE-2019-2180
Published: 5 September 2019
In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the printer service with no additional execution privileges needed. User interaction is not needed for exploitation.
Priority
Low
CVSS 3 base score: 5.5
Status
| Package | Release | Status |
|---|---|---|
|
cups Launchpad, Ubuntu, Debian |
bionic |
Released
(2.2.7-1ubuntu2.7)
|
| focal |
Not vulnerable
(2.3.1-9ubuntu1.1)
|
|
| groovy |
Not vulnerable
|
|
| hirsute |
Not vulnerable
|
|
| impish |
Not vulnerable
|
|
| jammy |
Not vulnerable
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.2.12-1)
|
|
| xenial |
Needs triage
|
Notes
| Author | Note |
|---|---|
| mdeslaur | this CVE is for the "Fixed IPP buffer overflow (rdar://50035411)" part of the commit This was fixed in bionic by CVE-2019-86xx.patch |