CVE-2023-21285

In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-21285

In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-21285

In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-21285

CVE-2023-21285 affects Android’s MediaSessionRecord.java, where a flawed setMetadata function could allow a local attacker to view another user’s images via a confused deputy. The issue enables local information disclosure without additional execution privileges and does not require user interact...

CVE-2023-21285

In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that originates from a messy proxy in the setMetadata module of MediaSessionRecord.java, which can be exploited by an attacker to obtain sensitive...

PT-2023-18064 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to a confused deputy in the setMetadata function of MediaSessionRecord.java. This could lead to local information disclosure, allowing an attacker to view another...

ASB-A-271851153

In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

LG MRA58K - ASFParser::SetMetaData Stack Overflow

LG MRA58K - ASFParser::SetMetaData Stack Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1226 There are three variants of the below crash, all of which stemming from an unbound copy into a fixed size stack buffer allocated in the function ASFParser::SetMetaData, used as...

LG MRA58K - ASFParser::SetMetaData Stack Overflow Exploit

Exploit for Android platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1226 There are three variants of the below crash, all of which stemming from an unbound copy into a fixed size stack buffer allocated in the function ASFParser::SetMetaData, used a...

Internet Bug Bounty: Adobe Flash Player Metadata class Memory Corruption Vulnerability

I. Summary Adobe Flash Player is prone to a vulnerability which leads to memory corruption because of improper validation of Metadata.setMetadata. ------------------------------------------------------------------ II. Description Adobe Flash is a multimedia and software platform used for authorin...