CVE-2023-32837
mtk-jpeg Driver Out-Of-Bounds Read / Write
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In video, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08250357.
En el vídeo, hay una posible escritura fuera de los límites debido a una comprobación de los límites faltantes. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08235273; ID del problema: ALPS08250357.
An out-of-bounds read / write due to missing bounds check in the mtk-jpeg driver can lead to memory corruption and potential escalation of privileges.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-05-16 CVE Reserved
- 2023-11-06 CVE Published
- 2023-11-14 First Exploit
- 2025-02-13 CVE Updated
- 2025-03-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/175665/mtk-jpeg-Driver-Out-Of-Bounds-Read-Write.html |
|
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/175665 | 2023-11-14 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/November-2023 | 2023-11-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 12.0 Search vendor "Google" for product "Android" and version "12.0" | - |
Affected
| in | Mediatek Search vendor "Mediatek" | Mt6883 Search vendor "Mediatek" for product "Mt6883" | - | - |
Safe
|
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 12.0 Search vendor "Google" for product "Android" and version "12.0" | - |
Affected
| in | Mediatek Search vendor "Mediatek" | Mt6885 Search vendor "Mediatek" for product "Mt6885" | - | - |
Safe
|
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 12.0 Search vendor "Google" for product "Android" and version "12.0" | - |
Affected
| in | Mediatek Search vendor "Mediatek" | Mt6889 Search vendor "Mediatek" for product "Mt6889" | - | - |
Safe
|
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 12.0 Search vendor "Google" for product "Android" and version "12.0" | - |
Affected
| in | Mediatek Search vendor "Mediatek" | Mt6893 Search vendor "Mediatek" for product "Mt6893" | - | - |
Safe
|
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 12.0 Search vendor "Google" for product "Android" and version "12.0" | - |
Affected
| in | Mediatek Search vendor "Mediatek" | Mt8797 Search vendor "Mediatek" for product "Mt8797" | - | - |
Safe
|
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 12.0 Search vendor "Google" for product "Android" and version "12.0" | - |
Affected
| in | Mediatek Search vendor "Mediatek" | Mt8798 Search vendor "Mediatek" for product "Mt8798" | - | - |
Safe
|