CVE-2019-2044

In MakeMP>G4VideoCodecSpecificData of APacketSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-123701862

• CVE ID
• CVE-2019-2044

• Assigner
• security@android.com

• Vulnerability Status
• Analyzed

• Published Version
• 2019-05-08T17:29:00

• Last Modified Date
• 2019-05-09T12:21:02

• Version
• 2.0

• Vector String
• AV:N/AC:M/Au:N/C:C/I:C/A:C

• Access Vector
• NETWORK

• Access Compatibility
• MEDIUM

• Authentication
• NONE

• Confidentiality Impact
• COMPLETE

• Integrity Impact
• COMPLETE

• Availability Impact
• COMPLETE

• Base Score
• 9.3

• Severity
• HIGH

• Exploitability Score
• 8.6

• Impact Score
• 10

• Version
• 3.0

• Vector String
• CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

• Attack Vector
• NETWORK

• Attack Compatibility
• LOW

• Privileges Required
• NONE

• User Interaction
• REQUIRED

• Scope
• UNCHANGED

• Confidentiality Impact
• HIGH

• Availability Impact
• HIGH

• Base Score
• 8.8

• Base Severity
• HIGH

• Exploitability Score
• 2.8

• Impact Score
• 5.9