Published: 28/02/2019 Updated: 01/03/2019

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 829

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

In onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-118143775.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 7.1.2
google android 9.0
google android 7.0
google android 7.1.1
google android 8.1
google android 8.0

It's 2019, and a PNG file can pwn your Android smartphone or tablet: Patch me if you can

The Register • Shaun Nichols in San Francisco • 07 Feb 2019

Malicious Bluetooth signals, too, it looks like

Google has emitted security fixes for Android that should be installed, should you get the chance, as they can be potentially exploited to hijack devices. The worst vulnerability in the latest monthly batch, according to the ad giant, is one in which a maliciously crafted PNG image could execute code smuggled within the file, if an application views it. Thus an evil .PNG file opened by a chat app or email reader, say, could start running malware on the device with high-level privileges. Two othe...

CVE-2019-1987

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect