CVE-2022-20532

In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232242894
References
Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

History

28 Mar 2023, 13:27

Type Values Removed Values Added
CPE cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-190
References (MISC) https://source.android.com/security/bulletin/pixel/2023-03-01 - (MISC) https://source.android.com/security/bulletin/pixel/2023-03-01 - Patch, Vendor Advisory
First Time Google android
Google

24 Mar 2023, 20:38

Type Values Removed Values Added
New CVE

Information

Published : 2023-03-24 20:15

Updated : 2023-12-10 15:01


NVD link : CVE-2022-20532

Mitre link : CVE-2022-20532

CVE.ORG link : CVE-2022-20532


JSON object : View

Products Affected

google

  • android
CWE
CWE-190

Integer Overflow or Wraparound