CVE-2020-0205

Name of the Vulnerable Software and Affected Versions Android versions Android-10

Description A possible out of bounds read due to a missing bounds check in the DaalaBitReader constructor of entropy decoder.cc could lead to remote information disclosure in the media server. No additional execution privileges are needed, but user interaction is required for exploitation.

Recommendations For Android version Android-10, apply the necessary patch or update to fix the issue in the DaalaBitReader constructor. As a temporary workaround, consider restricting access to the media server to minimize the risk of exploitation.