exploitDog

CVE-2022-20532

Опубликовано: 24 мар. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232242894

Ссылки

https://source.android.com/security/bulletin/pixel/2023-03-01
Patch
Vendor Advisory
https://source.android.com/security/bulletin/pixel/2023-03-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01176

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-190

CWE-190

Связанные уязвимости

GHSA-qwv2-3fqv-753q

CVSS3: 9.8

github

почти 3 года назад

In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232242894

EPSS

Процентиль: 78%

0.01176

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-190

CWE-190