CVE-2021-0952

Name of the Vulnerable Software and Affected Versions Android versions 9 through 12

Description The issue is related to a possible permission bypass due to a confused deputy in the doCropPhoto function of PhotoSelectionHandler.java. This could lead to local information disclosure of a user's contacts without requiring additional execution privileges. User interaction is necessary for exploitation.

Recommendations For Android versions 9 through 12, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.