CVE-2022-20532: Integer Overflow
First published: Fri Mar 24 2023(Updated: )
In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232242894
Credit: security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | =13.0 | |
| =13.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-20532?
CVE-2022-20532 is classified as a high-severity vulnerability due to its potential for remote escalation of privilege.
How do I fix CVE-2022-20532?
To fix CVE-2022-20532, ensure that your Android system is updated to version 13.0 or later, where this vulnerability has been addressed.
What could happen if CVE-2022-20532 is exploited?
If exploited, CVE-2022-20532 could allow attackers to gain escalated privileges without needing any additional execution privileges.
Does CVE-2022-20532 require user interaction for exploitation?
No, CVE-2022-20532 does not require user interaction for exploitation, making it a significant threat.
Which version of Android is affected by CVE-2022-20532?
CVE-2022-20532 affects Android version 13.0.
- agent/type
- agent/severity
- agent/author
- agent/remedy
- agent/references
- agent/description
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/google
- canonical/android
- version/android/13.0