VDB
ASB-A-423894847
ASB-A-423894847
PUBLISHED
CVSS 8.600000381469727 HIGH
In multiple locations, there is a possible out of bounds read and write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Risk Scores
CVSS 4.0
8.600000381469727
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| platform | external/libopenapv | 16-qpr2-next:0, 16-qpr2-next, 16 |
Exploit Intelligence
- CVE-2026-0006: Heap buffer overflow PoC for libopenapv (Android APV codec) - CVSS 9.8 (github-poc-repo)
- CVE-2026-0006: Heap buffer overflow PoC for libopenapv (Android APV codec) - CVSS 9.8 (github-poc)
- poc_mp4_asan.c (github-poc)
- poc_android_oob_write.c (github-poc)
- CVE-2026-000.json (github-poc)
- VulnerabilityAssessmentJobServiceTests.cs (github-poc)
- mutator.rs (github-poc)
- adapter_test.go (github-poc)
- detection_test.go (github-poc)
- poc_android_oob_write.c (github-poc)
…and 10 more exploits
Timeline
- Mar 1, 2026 CVE Published
- May 15, 2026 CVE Updated
References
- https://source.android.com/security/bulletin/2026-03-01 advisory
- https://android.googlesource.com/platform/external/libopenapv/+/cf0a0e7a810e5a0f6e50f433c1d723b12160e8dd patch
- https://android.googlesource.com/platform/external/libopenapv/+/86a76fd73bf7636af018331d4419eaa56ca95083 patch
- https://android.googlesource.com/platform/external/libopenapv/+/c81fcd419c489dd4aa9efd0ed41fb6c38f853b4f patch