PT-2019-5844 · Google+4 · Android+4

Published

2019-09-08

·

Updated

2024-06-15

·

CVE-2020-0499

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Android versions Android-11
Description The issue is related to a possible out of bounds read due to a heap buffer overflow in the FLAC bitreader read rice signed block function of bitreader.c. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is required for exploitation.
Recommendations For Android version Android-11, consider restricting access to the FLAC bitreader read rice signed block function until a patch is available. As a temporary workaround, avoid using the affected bitreader.c component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2021-03402
CVE-2020-0499
DLA-2514-1
MGASA-2020-0480
OESA-2022-1697
OPENSUSE-SU-2020:2348-1
OPENSUSE-SU-2020:2350-1
OPENSUSE-SU-2020_2348-1
OPENSUSE-SU-2020_2350-1
OPENSUSE-SU-2022:10252-1
OPENSUSE-SU-2024:11885-1
OPENSUSE-SU-2024:11951-1
SUSE-SU-2020:3933-1
SUSE-SU-2021:0017-1
SUSE-SU-2021_0017-1
USN-5733-1

Affected Products

Android
Astra Linux
Linuxmint
Suse
Ubuntu