CVE-2023-35687

HIGH

Android - Use-After-Free in MtpPropertyValue

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-35687. PoCs published by pazhanivel07.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2023-35687, targeting Android's Camera framework. The code includes modifications to the Camera.cpp file and related components, demonstrating the vulnerability in the camera service.

Description

In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Exploits (1)

nomisec WORKING POC
by pazhanivel07 · poc
https://github.com/pazhanivel07/frameworks_av_AOSP_10_r33_CVE-2023-35687_CVE-2023-35679

This repository contains a proof-of-concept exploit for CVE-2023-35687, targeting Android's Camera framework. The code includes modifications to the Camera.cpp file and related components, demonstrating the vulnerability in the camera service.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Android Open Source Project (AOSP) Camera Framework, version 10 r33
No auth needed
Prerequisites: Access to the target Android device · Ability to compile and deploy the modified code
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.8
EPSS 0.0015
EPSS Percentile 4.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-416
Status published
Products (4)
google/android 11.0
google/android 12.0
google/android 12.1
google/android 13.0
Published Sep 11, 2023
Tracked Since Feb 18, 2026