CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
5.1%
In opencv calls that use libpng, there is a possible out of bounds write
due to a missing bounds check. This could lead to local escalation of
privilege with no additional execution privileges required. User
interaction is not required for exploitation. Product: AndroidVersions:
Android-10Android ID: A-110986616
Author | Note |
---|---|
mdeslaur | no details as of 2020-03-09 |
ccdm94 | no details as of 2022-08-23. This CVE was disclosed by Android and it possibly affects the opencv software. More information was requested by members of the community so that the vulnerability status for the Linux implementation of the opencv software could be determined, however, no response was provided. No known upstream patch is available. |
rodrigo-zaiden | no details as of 2022-10-24. |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
5.1%