CVE-2019-2106

Name of the Vulnerable Software and Affected Versions Android versions 7.0 through 9

Description The issue is related to a missing bounds check in the ihevcd sao shift ctb function of ihevcd sao.c, which could lead to a possible out of bounds write. This might result in remote code execution without requiring additional execution privileges. User interaction is necessary for exploitation.

Recommendations For Android versions 7.0 through 9, apply the necessary patch to fix the missing bounds check in the ihevcd sao shift ctb function. As a temporary workaround, consider restricting user interaction with potentially malicious inputs until a patch is available.