ASB-A-160265164 — Vulnetix

ASB-A-160265164 PUBLISHED CVSS 8.600000381469727 HIGH

In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

Risk Scores

CVSS v4.0

8.600000381469727

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
platform	system/media	8.0:0, 8.0, 8.1

Timeline

Dec 1, 2020 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2020-12-01 advisory
https://android.googlesource.com/platform/system/media/+/4523a5863f7d8f449600e85e946cfdc9cff408b2 patch
https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be patch

Open in Interactive Console →