CVE-2024-49714 — Heap-based Buffer Overflow

Vendor	Product	Version range	Fixed in
google	android	—	—
google	android	—	—
google	android	—	—
google	android	—	—
google	android	—	—
platform	packages_modules_bluetooth	>= 13:0 < 13:2025-09-01	13:2025-09-01
platform	packages_modules_bluetooth	>= 14:0 < 14:2025-09-01	14:2025-09-01
platform	packages_modules_bluetooth	>= 16-next:0 < 16-next:2025-09-01	16-next:2025-09-01

GHSA

GHSA-7fg6-6p3j-x939: In avrc_vendor_msg of avrc_opt

ghsa_unreviewed·2025-09-04

CVE-2024-49714 [HIGH] CWE-122 GHSA-7fg6-6p3j-x939: In avrc_vendor_msg of avrc_opt In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

OSV

CVE-2024-49714: In avrc_vendor_msg of avrc_opt

osv·2025-09-01

CVE-2024-49714 CVE-2024-49714: In avrc_vendor_msg of avrc_opt In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Android

CVE-2024-49714: Android Security Bulletin 2025-09-01 CVE: CVE-2024-49714 Severity: HIGH Type: EoP Affected AOSP versions: 13, 14 References: A-271962784

vendor_android·2025-09-01·CVSS 7.8

CVE-2024-49714 [HIGH] CVE-2024-49714: Android Security Bulletin 2025-09-01 CVE: CVE-2024-49714 Severity: HIGH Type: EoP Affected AOSP versions: 13, 14 References: A-271962784 Android Security Bulletin 2025-09-01 CVE: CVE-2024-49714 Severity: HIGH Type: EoP Affected AOSP versions: 13, 14 References: A-271962784

CVE-2024-49714: In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of…

Affected