Out of Bounds Read Vulnerability in imgsys by MediaTek
CVE-2023-20839

4.2MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt2713, Mt6895, Mt6897, Mt6983, Mt8188, Mt8195, Mt8395, Mt8673
Vendor: CVE Published:; 4 September 2023

Summary

A vulnerability in imgsys allows for an out of bounds read due to inadequate range checking. This issue can cause local information disclosure, requiring user interaction for exploitation and necessitating system execution privileges. Affected users should apply the patch identified as ALPS07326455 to mitigate this risk.

Affected Version(s)

MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673 Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0

References

https://corp.mediatek.com/product-security-bulletin/Septe...

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 4, 2023
Vulnerability Reserved
Oct 28, 2022