CVE-2024-0040

HIGH

Android - Heap-based Buffer Overflow in MtpPacket.cpp setParameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-0040. PoCs published by uthrasri.

AI-analyzed exploit summary The repository contains a single file, MtpPacket.cpp, which is a legitimate Android MTP (Media Transfer Protocol) packet handling implementation but lacks any exploit code or vulnerability-specific modifications for CVE-2024-0040. It appears to be a placeholder or incomplete PoC.

Description

In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Exploits (1)

nomisec STUB
by uthrasri · poc
https://github.com/uthrasri/frameworks_av_CVE-2024-0040

The repository contains a single file, MtpPacket.cpp, which is a legitimate Android MTP (Media Transfer Protocol) packet handling implementation but lacks any exploit code or vulnerability-specific modifications for CVE-2024-0040. It appears to be a placeholder or incomplete PoC.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Android frameworks/av (MTP implementation)
No auth needed
Prerequisites: Access to Android MTP stack
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.0195
EPSS Percentile 77.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-122 CWE-787
Status published
Products (5)
google/android 11.0
google/android 12.0
google/android 12.1
google/android 13.0
google/android 14.0
Published Feb 16, 2024
Tracked Since Feb 18, 2026