CVE-2023-21182

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Jun 28, 2023

Updated: Jul 6, 2023

CWE ID 125

Summary

CVE-2023-21182 is a vulnerability affecting the Exynos_parsing_user_data_registered_itu_t_t35 function in VendorVideoAPI.cpp of the Android operating system. This issue involves a missing bounds check that could result in an out-of-bounds read, potentially leading to local information disclosure. Notably, System execution privileges are required for exploitation, making this a serious concern. This vulnerability, identified as A-252764175, impacts Android-13 versions and requires no user interaction for exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rpg860
https://www.cve.org/CVERecord?id=CVE-2023-21182
https://nvd.nist.gov/vuln/detail/CVE-2023-21182

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners