CVE-2019-2044

HIGH

Android - Out-of-bounds Write in APacketSource.cpp

Title source: llm
STIX 2.1

Description

In MakeMP>G4VideoCodecSpecificData of APacketSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-123701862

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2019-05-01

Scores

CVSS v3 8.8
EPSS 0.0115
EPSS Percentile 63.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (6)
google/android 7.0
google/android 7.1.1
google/android 7.1.2
google/android 8.0
google/android 8.1
google/android 9.0
Published May 08, 2019
Tracked Since Feb 18, 2026