Out of Bounds Write Vulnerability in MediaTek VDEC Component
CVE-2023-32818

6.7MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt6761, Mt6763, Mt6765, Mt6768, Mt6771, Mt6779, Mt6785, Mt6853, Mt6873, Mt6885
Vendor: CVE Published:; 6 November 2023

Summary

A vulnerability has been identified in the MediaTek VDEC component that allows for a potential out of bounds write due to type confusion. This flaw can permit local escalation of privilege, granting attackers system execution rights without requiring any user interaction. It is crucial for affected users to apply the latest patches provided by MediaTek to mitigate this risk. Ensure to check for updates related to Patch IDs ALPS08163896 and ALPS08013430, as well as Issue ID ALPS07867715 for further information.

Affected Version(s)

MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6853, MT6873, MT6885 Android 11.0, 12.0, 13.0

References

https://corp.mediatek.com/product-security-bulletin/Novem...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 6, 2023
Vulnerability Reserved
May 16, 2023