CVE-2023-44124

MEDIUM

Screen recording <com/lge/gametools/gamerecorder - Info Disclosure

Title source: llm

Description

The vulnerability is to theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The Screen recording app saves contents of arbitrary URIs to SD card which is a world-readable storage.

References (1)

[Vendor Advisory] https://lgsecurity.lge.com/bulletins/mobile#updateDetails

Scores

CVSS v3 6.1

EPSS 0.0002

EPSS Percentile 5.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-927 CWE-668

Status published

Products (2)

google/android 12.0

google/android 13.0

Published Sep 27, 2023

Tracked Since Feb 18, 2026