CVE-2026-20413
EUVD-2026-513202.02.2026, 09:15
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362725; Issue ID: MSV-5694.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| android | 15.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-1285 - Improper Validation of Specified Index, Position, or Offset in InputThe product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.