Uninitialized Data Memory Corruption Vulnerability in FileInputStream::Read

CVE-2019-2105 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

In FileInputStream::Read of file_input_stream.cc, there is a possible memory corruption due to uninitialized data. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116114182.

Learn more about our Cis Benchmark Audit For Google Android.