CVE-2024-20055

2024-04-0102:35:21

MediaTek

www.cve.org

imgsys

information disclosure

bounds check

local info

system execution

user interaction

patch id

issue id

AI Score

6.1

Confidence

High

EPSS

Percentile

9.0%

JSON

In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation Patch ID: ALPS08518692; Issue ID: MSV-1012.

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT2713, MT8168, MT8173, MT8175, MT8188, MT8195, MT8365, MT8370, MT8390, MT8395, MT8673, MT8696, MT8781, MT8795T, MT8798, MT8871",
    "versions": [
      {
        "version": "Android 12.0, 13.0 / Yocto 4.0 / IOT-v23.2",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/April-2024