CVE-2019-2105

Summary

In FileInputStream::Read of file_input_stream.cc, there is a possible memory corruption due to uninitialized data. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116114182.

Affected Software

VendorProductVersion RangeStatus
n/aAndroidAndroid-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9affected

Weaknesses

  • Remote code execution

ADP Enrichment

CVE Program Container

Additional References

References