CVE-2019-2108

Name of the Vulnerable Software and Affected Versions Android version 10

Description The issue is related to a missing bounds check in the ihevcd ref list function of ihevcd ref list.c, which could lead to an out of bounds write. This might result in remote code execution without requiring additional execution privileges. User interaction is necessary for exploitation.

Recommendations For Android version 10, consider restricting access to the ihevcd ref list function until a patch is available. As a temporary workaround, avoid using the affected function to minimize the risk of exploitation.