Published: 14/01/2022 Updated: 08/08/2023

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194105348

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 9.0
google android 10.0
google android 11.0
google android 12.0

Critical Infrastructure Sectors: Critical Manufacturing

Full Disclosure mailing list archives   By Date By Thread </form>    CVE-2021-39623 Libstagefright (Media Framework on Android) with OOB write on the heap  <!-- ...

CVE-2021-39623 Forcedentry state of the art exploit (as I read) used by NSO made it big Libstagefright (Media Framework on Android) with OOB write on the heap (with Scudo) which can possibly own your Mobile by playing an audio file, didn't Note: Not sure if you can do RCE with it Leave it to experts :P Media Framework is sandboxed as I know So you can read/write media,

CWE-787 https://source.android.com/security/bulletin/2022-01-01 https://nvd.nist.gov https://github.com/marcinguy/CVE-2021-39623 https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-07

CVE-2021-39623

Vulnerability Summary

Vulnerability Trend

ICS Advisories

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect