CVE-2022-20107Integer Overflow or Wraparound in Google Android

CWE-190Integer Overflow or Wraparound3 documents3 sources
Severity
4.4MEDIUMNVD
OSV7.6
EPSS
0.1%
top 84.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google AndroidLinux Kernel
Timeline
PublishedMay 3
Latest updateFeb 27

Description

In subtitle service, there is a possible application crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330673; Issue ID: DTV03330673.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

NVDgoogle/android10.0, 11.0, 9.0+2
NVDlinux/linux_kernel4.19, 4.9+1

🔴Vulnerability Details

2
OSV
python3.9 vulnerabilities2023-02-27
GHSA
GHSA-9r5j-hrx8-q34w: In subtitle service, there is a possible application crash due to an integer overflow2022-05-04
CVE-2022-20107 — Integer Overflow or Wraparound | cvebase