ASB-A-170583712 — Vulnetix

ASB-A-170583712 PUBLISHED CVSS 8.600000381469727 HIGH

In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Risk Scores

CVSS v4.0

8.600000381469727

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
platform	frameworks/av	8.0:0, 8.0, 8.1:0

Timeline

Jan 1, 2021 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2021-01-01 advisory
https://android.googlesource.com/platform/frameworks/av/+/bb460899b97f260e7ed556b578318b1133335e1c patch

Open in Interactive Console →