[Japanese]
|
JVNDB-2019-000060
|
Multiple integer overflow vulnerabilities in LINE(Android)
|
LINE(Android) provided by LINE Corporation contains multiple integer overflow vulnerabilities (CWE-190) listed below.
* Integer overflow vulnerability in processing images using apng-drawable - CVE-2019-6007
* Integer overflow vulnerability in processing images - CVE-2019-6010
LINE Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and LINE Corporation coordinated under the Information Security Early Warning Partnership.
|
CVSS V3 Severity: Base Metrics 6.3 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
CVSS V2 Severity: Base Metrics 6.8 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2019-6010
|
CVSS V3 Severity:
Base Metrics:
5.3 (Medium) [IPA Score]
-
Attack Vector: Local
-
Attack Complexity: Low
-
Privileges Required: None
-
User Interaction: Required
-
Scope: Unchanged
-
Confidentiality Impact: Low
-
Integrity Impact: Low
-
Availability Impact: Low
CVSS V2 Severity:Base Metrics:
6.8 (Medium)
[IPA Score]
-
Access Vector: Network
-
Access Complexity: Medium
-
Authentication: None
-
Confidentiality Impact: Partial
-
Integrity Impact: Partial
-
Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2019-6007
|
|
LINE Corporation
- LINE (Android) from 4.4.0 to the version before 9.15.1
|
|
Having a user read a specially crafted image on LINE Android may cause the application to crash, or may lead arbitrary code being executed by a remote attacker.
|
[Update the Software]
Update the software to the latest version according to the information provided by the developer.
The developer states that fixes for several bugs and issues are also contained in the updated version, thus the developer recommends users to apply the update.
|
LINE Corporation
|
- Numeric Errors(CWE-189) [IPA Evaluation]
|
- CVE-2019-6007
- CVE-2019-6010
|
- JVN : JVN#97845465
- National Vulnerability Database (NVD) : CVE-2019-6007
- National Vulnerability Database (NVD) : CVE-2019-6010
|
- [2019/09/19]
Web page was published
- [2019/10/08]
References : Content was added
- [2019/10/18]
Vendor Information : Content was added
|