CVE-2022-20496

Name of the Vulnerable Software and Affected Versions Android versions Android-12 through Android-13

Description In the setDataSource function of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations For Android versions Android-12 through Android-13, consider restricting access to the setDataSource function in initMediaExtractor.cpp to minimize the risk of exploitation until a patch is available.