Vulnerability Description
In video, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08250357.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 12.0 | |
| Mediatek | Mt6883 | - |
| Mediatek | Mt6885 | - |
| Mediatek | Mt6889 | - |
| Mediatek | Mt6893 | - |
| Mediatek | Mt8797 | - |
| Mediatek | Mt8798 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/175665/mtk-jpeg-Driver-Out-Of-Bounds-Read-W
- https://corp.mediatek.com/product-security-bulletin/November-2023Vendor Advisory
- http://packetstormsecurity.com/files/175665/mtk-jpeg-Driver-Out-Of-Bounds-Read-W
- https://corp.mediatek.com/product-security-bulletin/November-2023Vendor Advisory
FAQ
What is CVE-2023-32837?
CVE-2023-32837 is a vulnerability with a CVSS score of 7.8 (HIGH). In video, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...
How severe is CVE-2023-32837?
CVE-2023-32837 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-32837?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Mediatek Mt6883, Mediatek Mt6885, Mediatek Mt6889, Mediatek Mt6893.