Vulnerabilities > CVE-2019-1986 - Out-of-bounds Write vulnerability in Google Android 9.0

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
google
CWE-787

Summary

In SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-117838472.

Vulnerable Configurations

Part Description Count
OS
Google
1

Common Weakness Enumeration (CWE)

The Hacker News

idTHN:E15EA77F64F9374B240CA8A7F340C67A
last seen2019-02-06
modified2019-02-06
published2019-02-06
reporterThe Hacker News
sourcehttps://thehackernews.com/2019/02/hack-android-with-image.html
titleAndroid Phones Can Get Hacked Just by Looking at a PNG Image