
CVE-2023-21261

In ft_open_face_internal of ftobjs.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.


)]}'
{
  "commit": "d45f0e49ab54065eb72d92aa3cc5f2152b0910b7",
  "tree": "234ad317e206c974e924b6e8391f37f236de846a",
  "parents": [
    "3416d942a1d2940c6875f540a404045b5c761d66"
  ],
  "author": {
    "name": "Werner Lemberg",
    "email": "[email protected]",
    "time": "Sat Mar 19 06:40:17 2022 +0100"
  },
  "committer": {
    "name": "Android Build Coastguard Worker",
    "email": "[email protected]",
    "time": "Thu May 11 18:39:17 2023 +0000"
  },
  "message": "DO NOT MERGE - Cherry-pick two upstream changes\n\nThis cherry picks following two changes:\n\n0c2bdb01a2e1d24a3e592377a6d0822856e10df2\n22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5\n\nBug: 271680254\nTest: N/A\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:4ffa271ab538f57b65a65d434a2df9d3f8cd2f4a)\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8abb5b963d8f3bac3224c09edff6dcbbd11bf508)\nMerged-In: I42469df8e8b07221d64e3f8574c4f30110dbda7e\nChange-Id: I42469df8e8b07221d64e3f8574c4f30110dbda7e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "883f1a8970c65ed9258fbb808a900208b62cc03b",
      "old_mode": 33188,
      "old_path": "src/base/ftobjs.c",
      "new_id": "46baf5fed652302b63a3ad6392698c527dbe9e49",
      "new_mode": 33188,
      "new_path": "src/base/ftobjs.c"
    }
  ]
}

Related news

CVE-2023-21256: Android Security Bulletin—July 2023

In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
