CVE-2019-2201

Name of the Vulnerable Software and Affected Versions Android versions 8.0 through 10

Description The issue is related to a possible out of bounds write due to a missing bounds check in the generate jsimd ycc rgb convert neon function of jsimd arm64 neon.S. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is required for exploitation. The vulnerability is also associated with incorrect compression/unpacking of gigapixel images in the Libjpeg-turbo library, allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability can cause an integer overflow and subsequent heap corruption when processing specially crafted JPEG files.

Recommendations For Android versions 8.0 through 10, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.