CVE-2019-2105

2019-07-0817:34:48

google_android

www.cve.org

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

43.1%

JSON

In FileInputStream::Read of file_input_stream.cc, there is a possible memory corruption due to uninitialized data. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116114182.

CNA Affected

[
  {
    "product": "Android",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9"
      }
    ]
  }
]

References

source.android.com/security/bulletin/2019-07-01