CVE-2023-44129

🗓️ 27 Sep 2023 14:10:56Reported by LGEType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 40 Views🌐 WEB

CVE-2023-44129: Vulnerability in LG Messaging app allows arbitrary content provider acces

Reporter	Title	Published	Views	Family All 9
CNNVD	LG Mobile Security Breach	27 Sep 202300:00	–	cnnvd
Cvelist	CVE-2023-44129 Messaging - Gaining access to arbitrary content providers via QClipIntentReceiverActivity	27 Sep 202314:10	–	cvelist
EUVD	EUVD-2023-48488	3 Oct 202520:07	–	euvd
NVD	CVE-2023-44129	27 Sep 202315:19	–	nvd
OSV	CVE-2023-44129	27 Sep 202315:19	–	osv
Prion	Design/Logic Flaw	27 Sep 202315:19	–	prion
Positive Technologies	PT-2023-29123 · Google · Com.Android.Mms	27 Sep 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-44129	23 May 202505:37	–	redhatcve
Vulnrichment	CVE-2023-44129 Messaging - Gaining access to arbitrary content providers via QClipIntentReceiverActivity	27 Sep 202314:10	–	vulnrichment

NVD

Node

google androidRange12.0–13.0

AND

lg v60_thin_q_5gMatch-

[
  {
    "defaultStatus": "unaffected",
    "product": "LG V60 Thin Q 5G(LMV600VM)",
    "vendor": "LG Electronics",
    "versions": [
      {
        "lessThanOrEqual": "13",
        "status": "affected",
        "version": "Android 12",
        "versionType": "Android"
      }
    ]
  }
]

Source	Link
lgsecurity	www.lgsecurity.lge.com/bulletins/mobile

Parameter	Position	Path	Description	CWE
action	path	com.android.mms.ui.QClipIntentReceiverActivity	Exported activity can be abuses via com.lge.message.action.QCLIP broadcast to reveal content providers with grantUriPermissions.	CWE-926
flags	path	com.android.mms.ui.QClipIntentReceiverActivity	Exported activity can be abuses via com.lge.message.action.QCLIP broadcast to reveal content providers with grantUriPermissions.	CWE-926

17 Jun 2026 06:26Current

4Medium risk

Vulners AI Score4

CVSS 3.13.3 - 3.6

EPSS0.00094

SSVC

CWE-926