CVE-2025-20796Improper Validation of Specified Index, Position, or Offset in Input in INC Mediatek Chipset

CWE-1285Improper Validation of Specified Index, Position, or Offset in InputCWE-367Time-of-check Time-of-use (TOCTOU) Race ConditionCWE-674Uncontrolled RecursionCWE-476NULL Pointer Dereference8 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 98.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mediatek INC Mediatek ChipsetGoogle Android
Timeline
PublishedJan 6
Latest updateFeb 13

Description

In imgsys, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10314745; Issue ID: MSV-5553.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDgoogle/android15.0
CVEListV5mediatek_inc/mediatek_chipsetMT6989, MT8796, MT8893+2

🔴Vulnerability Details

3
GHSA
Mattermost doesn't properly validate channel membership at the time of data retrieval2026-02-13
GHSA
GHSA-gcc9-9787-r555: In imgsys, there is a possible out of bounds write due to improper input validation2026-01-06
CVEList
CVE-2025-20796: In imgsys, there is a possible out of bounds write due to improper input validation2026-01-06

📋Vendor Advisories

2
Microsoft
ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: April 20222022-05-10
Microsoft
In the GNU C Library (aka glibc or libc6) through 2.29 check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.2019-02-12

🕵️Threat Intelligence

1
Wiz
CVE-2025-20796 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-20796 — INC Mediatek Chipset vulnerability | cvebase