CVE-2024-20011

CRITICAL

Android - Remote Code Execution via ALAC Decoder Bounds Check Issue

Description

In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.

Scores

CVSS v3 9.8
EPSS 0.0615
EPSS Percentile 90.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE CWE-119
Status published
Products (3)
google/android 11.0
google/android 12.0
google/android 13.0
Published Feb 05, 2024
Tracked Since Feb 18, 2026