CVE-2024-23709

MEDIUM

Android - Out-of-bounds Write via Heap Buffer Overflow


Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-23709. PoCs published by AbrarKhan.

AI-analyzed exploit summary: The repository contains functional exploit code for CVE-2024-23709, targeting a vulnerability in the Sonivox EAS library. The code includes critical synthesizer components with potential memory corruption or integer overflow issues, as indicated by the presence of error logs and specific checks.

Description

In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Exploits (1)

nomisec · WORKING POC · 1 star
by AbrarKhan · poc
https://github.com/AbrarKhan/external_sonivox_CVE-2024-23709

Classification
Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Sonivox EAS library (version not specified)
No auth needed
Prerequisites: Access to the target system running the vulnerable Sonivox EAS library
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 6.5
EPSS 0.0079
EPSS Percentile 51.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (4)
google/android 12.0
google/android 12.1
google/android 13.0
google/android 14.0
Published May 07, 2024
Tracked Since Feb 18, 2026