Description
In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap buffer overflow in RtpSession::rtpSendRtcpPacket results in an out-of-bounds write that can be exploited to execute arbitrary code. No additional execution privileges are needed, and no user interaction is required. This flaw maps to CWE-122 and CWE-787.

Affected Systems

The vulnerability affects Google Android devices, as documented in the Google Android security bulletin for Pixel hardware. No specific affected OS versions are listed, so any device running Android at the time of the bulletin that includes the affected RtpSession code is potentially impacted.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, while the EPSS score of < 1% suggests the likelihood of exploitation is currently low. The vulnerability is not listed in CISA's KEV catalog. Based on the description, the likely attack vector is remote and may involve sending specially crafted RTP/RTCP packets to the device, with no user interaction required.

Generated by OpenCVE AI on June 17, 2026 at 18:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Android security patch released in the 2026-06-01 bulletin for all affected Pixel devices.
  • Reboot the device to ensure the update takes effect.
  • Enable automatic OS updates so the device receives future security fixes promptly.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 21:30:00 +0000

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-787

Tue, 16 Jun 2026 21:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Google; Google android

Type: Vendors & Products
Values Removed: (none)
Values Added: Google; Google android

Tue, 16 Jun 2026 20:30:00 +0000

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-122

Type: Metrics
Values Removed: (none)
Values Added:
cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 19:30:00 +0000

Type: Description
Values Removed: (none)
Values Added: In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
References

MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published:

Updated: 2026-06-17T03:56:14.554Z

Reserved: 2025-10-23T08:43:57.569Z

Link: CVE-2026-0149

Vulnrichment

Updated: 2026-06-16T20:03:44.674Z

NVD

Status: Awaiting Analysis

Published: 2026-06-16T20:16:25.620

Modified: 2026-06-16T20:42:25.013

Link: CVE-2026-0149

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-16T20:45:02Z

Weaknesses