CVE-2018-9496

Name of the Vulnerable Software and Affected Versions Android versions Android-9.0

Description The issue is related to a possible out of bounds write in the ixheaacd real synth fft p3 function of ixheaacd esbr fft.c due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is required for exploitation. The vulnerability is associated with a buffer overflow in the Media framework component of the Android operating system, which can allow a remote attacker to execute arbitrary code.

Recommendations For Android version Android-9.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the ixheaacd real synth fft p3 function until a patch is available.