Description
In __mfc_core_nal_q_get_dec_metadata_sei_nal of mfc_core_nal_q.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the __mfc_core_nal_q_get_dec_metadata_sei_nal function in mfc_core_nal_q.c, where a missing bounds check allows an out‑of‑bounds write that can be leveraged to execute arbitrary code. No additional privileges are required, and exploitation does not require user interaction.

Affected Systems

The flaw affects Android devices running the affected Media Codec library, as identified by Google in the Android security bulletin for the 2026‑06‑01 release. Specific OS versions are not listed, but any device that incorporates the vulnerable function is potentially impacted.

Risk and Exploitability

With a CVSS score of 8.8 the vulnerability is classified as high severity, yet the EPSS score of less than 1 % indicates a very low likelihood of current exploitation. The flaw is not yet listed in the CISA KEV catalog. The likely attack vector is remote, based on malformed media data processed by the system’s codec routines, and requires no user interaction.

Generated by OpenCVE AI on June 17, 2026 at 20:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Android security patch published by Google for the affected devices as outlined in the 2026‑06‑01 security bulletin.
  • After updating, reboot the device to ensure the patched codec library is loaded and active.
  • Verify the device’s security post‑update by monitoring for anomalous media decoding activity and restricting external media handling if a patch cannot be applied immediately.

Generated by OpenCVE AI on June 17, 2026 at 20:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787

Tue, 16 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Tue, 16 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 16 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description In __mfc_core_nal_q_get_dec_metadata_sei_nal of mfc_core_nal_q.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published:

Updated: 2026-06-17T03:56:16.756Z

Reserved: 2025-10-23T08:43:54.592Z

Link: CVE-2026-0147

cve-icon Vulnrichment

Updated: 2026-06-16T20:06:24.197Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T20:16:25.440

Modified: 2026-06-16T20:42:25.013

Link: CVE-2026-0147

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T20:45:02Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

  • CWE-787

    Out-of-bounds Write