PT-2020-11524 · Google · Android
Published
2020-06-11
·
Updated
2020-06-11
·
CVE-2020-0163
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Android versions Android-10
Description
The issue is related to improper input validation in the parseSampleAuxiliaryInformationSizes function of MPEG4Extractor.cpp. This could lead to resource exhaustion, resulting in a remote denial of service. No additional execution privileges are needed for exploitation, but user interaction is required.
Recommendations
For Android version Android-10, update to a version that includes the fix for the improper input validation issue in the parseSampleAuxiliaryInformationSizes function of MPEG4Extractor.cpp.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android