CVE-2022-20130
published 2022-06-15


Priority: P263
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 8.33% (94.2nd percentile)
Description

In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-10, Android-11, Android-12, Android-12L
Android ID: A-224314979

Affected (11 ranges)

Vendor     Product        Version range                          Fixed in
google     android        (six entries; version range and fix columns not recovered)
platform   external_aac   >= 10:0 < 10:2022-06-01                10:2022-06-01
platform   external_aac   >= 11:0 < 11:2022-06-01                11:2022-06-01
platform   external_aac   >= 12:0 < 12:2022-06-01                12:2022-06-01
platform   external_aac   >= 12L-next:0 < 12L-next:2022-06-01    12L-next:2022-06-01
platform   external_aac   >= 12L:0 < 12L:2022-06-01              12L:2022-06-01

Detection & IOCs (extracted from sources)

  • Vulnerability is in the `transportDec_OutOfBandConfig` function of `tpdec_lib.cpp` — monitor for heap buffer overflow exploitation attempts targeting Android media transport decoder (libFraunhoferAAC / libaudiodec)
  • No user interaction required for exploitation — treat as remotely triggerable via malicious media content; monitor for unexpected crashes or memory corruption in Android media server processes
  • Affected Android versions are 10, 11, 12, and 12L — prioritize detection and patching on unpatched devices running these OS versions
  • Patch is tracked under Android internal bug ID A-224314979; verify patch presence via the June 2022 Android Security Patch Level (2022-06-01) or later
  • Severity is rated CRITICAL: RCE impact with no additional execution privileges required

CVSS provenance

Source   Version   Score   Severity   Vector
NVD      v3.1      9.8     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD      v2.0      10.0    CRITICAL   AV:N/AC:L/Au:N/C:C/I:C/A:C