Out of Bounds Write Vulnerability in Android by Google
CVE-2019-2093

8.8HIGH

Key Information:

Vendor: Android
Status: Android
Vendor: CVE Published:; 7 June 2019

What is CVE-2019-2093?

An out of bounds write vulnerability exists in the huff_dec_1D function of the nlc_dec.cpp file within Android. This issue is caused by a lack of proper bounds checking, which may allow an attacker to execute arbitrary code remotely, assuming they can engage with the target user to initiate the exploit. The vulnerability specifically affects Android-9 and poses significant security risks to user data and system integrity.

Affected Version(s)

Android Android-9

References

https://source.android.com/security/bulletin/2019-06-01

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 7, 2019
Vulnerability Reserved
Dec 10, 2018