In MPEG4Extractor, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111792351
En MPEG4Extractor, se presenta una posible escritura fuera de límites debido a un desbordamiento de enteros. Esto podría conllevar a una ejecución de código remota en el extractor multimedia sin ser necesarios privilegios de ejecución adicionales. Es requerida una interacción del usuario para su explotación. Producto: Android, Versiones: Android-10, ID de Android: A-111792351
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
AV:N/AC:M/Au:N/C:P/I:P/A:P
| Access Vector | NETWORK |
|---|---|
| Access Complexity | MEDIUM |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-190
en
CWE-787
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| android | 10.0 | <built-in method update of dict object at 0x72a9b0b48840> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:* |