CVE-2024-0023

HIGH

Android - Out-of-bounds Write in ConvertRGBToPlanarYUV

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-0023. PoCs published by AbrarKhan.

AI-analyzed exploit summary This repository contains source code files from the Android Open Source Project (AOSP) camera framework, specifically related to CVE-2024-0023. The code includes implementations of camera functionalities but lacks explicit exploit code or detailed vulnerability analysis.

Description

In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Exploits (1)

nomisec WRITEUP
by AbrarKhan · poc
https://github.com/AbrarKhan/G3_Frameworks_av_CVE-2024-0023

This repository contains source code files from the Android Open Source Project (AOSP) camera framework, specifically related to CVE-2024-0023. The code includes implementations of camera functionalities but lacks explicit exploit code or detailed vulnerability analysis.

Classification
Writeup 90%
Attack Type
Other
Complexity
Complex
Reliability
Theoretical
Target: Android Open Source Project (AOSP) Camera Framework
No auth needed
Prerequisites: Access to Android camera framework source code
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.8
EPSS 0.0039
EPSS Percentile 30.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-787
Status published
Products (5)
google/android 11.0
google/android 12.0
google/android 12.1
google/android 13.0
google/android 14.0
Published Feb 16, 2024
Tracked Since Feb 18, 2026