CVE-2021-0484

MEDIUM Year: 2021
CVSS v3 Score
5.5
Medium
CVSS v2 Score
2.1
Low
Weakness Type
CWE-909
View all →

Vulnerability Description

In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-173720767

Related Vulnerabilities

CVE-2017-0730

MEDIUM
CVSS:5.5(Medium)

A denial of service vulnerability in the Android media framework (h264 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36279112.

CWE-9092017

CVE-2018-9511

MEDIUM
CVSS:5.5(Medium)

In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on socket...

CWE-9092018

CVE-2020-0134

MEDIUM
CVSS:5.5(Medium)

In BnDrm::onTransact of IDrm.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. ...

CWE-9092020

CVE-2020-1419

MEDIUM
CVSS:5.5(Medium)

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique f...

CWE-9092020

CVE-2020-9227

MEDIUM
CVSS:5.5(Medium)

Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted applic...

CWE-9092020

CVE-2021-0966

MEDIUM
CVSS:5.5(Medium)

In code generated by BuildParcelFields of generate_cpp.cpp, there is a possible way for a crafted parcelable to reveal uninitialized memory of a target process due to uninitialized data. This could le...

CWE-9092021