CVE-2022-20532Integer Overflow or Wraparound in Google Android

CWE-190Integer Overflow or Wraparound4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.9%
top 23.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform Frameworks AVGoogle Android
Timeline
PublishedMar 24

Description

In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232242894

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5google/androidAndroid-13
NVDgoogle/android13.0
Androidplatform/frameworks_av13:013:2023-03-01

Patches

Patch: source.android.comPatch: source.android.com

🔴Vulnerability Details

3
CVEList
CVE-2022-20532: In parseTrackFragmentRun() of MPEG4Extractor2023-03-24
GHSA
GHSA-qwv2-3fqv-753q: In parseTrackFragmentRun() of MPEG4Extractor2023-03-24
OSV
CVE-2022-20532: In parseTrackFragmentRun() of MPEG4Extractor2023-03-01
CVE-2022-20532 — Integer Overflow or Wraparound | cvebase