| Vulnerability Name: | CVE-2019-2044 (CCN-160732) | ||||||||||||
| Assigned: | 2018-12-10 | ||||||||||||
| Published: | 2019-05-06 | ||||||||||||
| Updated: | 2019-05-09 | ||||||||||||
| Summary: | In MakeMP>G4VideoCodecSpecificData of APacketSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-123701862 | ||||||||||||
| CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-787 | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2019-2044 Source: CCN Type: Google Web site Android Source: XF Type: UNKNOWN android-cve20192044-code-exec(160732) Source: CCN Type: Android Open Source Project Android Security Bulletin May 2019 Source: CONFIRM Type: Vendor Advisory https://source.android.com/security/bulletin/2019-05-01 Source: CCN Type: WhiteSource Vulnerability Database CVE-2019-2044 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||