CVE-2021-0519

Name of the Vulnerable Software and Affected Versions: Android versions 8.1 through 11

Description: In the BITSTREAM FLUSH function of ih264e bitstream.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. The issue is related to the Media Framework platform and could lead to elevation of privileges on Android 8.1 and 9 devices or information disclosure on Android 10 and 11 devices.

Recommendations: For Android versions 8.1 through 11, update the operating system to the latest version that includes the security patch for this issue. As a temporary workaround, consider restricting access to the ih264e bitstream.h module to minimize the risk of exploitation. Avoid using the BITSTREAM FLUSH function until the issue is resolved.