Main Vulnerability Database Vulnerabilities #VU34886

#VU34886 Input validation error in Google Android - CVE-2020-0004

Published: January 8, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34886

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-0004

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Google Android

Software vendor:
Google

Description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120847476

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2020-01-01

#VU34886 Input validation error in Google Android - CVE-2020-0004

Description

Remediation

External links

Please verify you're human