CVE-2020-0451

2020-11-1012:49:50

google_android

www.cve.org

android

heap buffer overflow

remote code execution

user interaction

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

50.9%

JSON

In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9 Android-8.0 Android-8.1Android ID: A-158762825

CNA Affected

[
  {
    "product": "Android",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Android-10 Android-11 Android-9 Android-8.0 Android-8.1"
      }
    ]
  }
]

References

source.android.com/security/bulletin/2020-11-01