Impact
A missing permission check in the Camera application permits an application or user to access stored photos without authorization, resulting in local disclosure of personal images. The flaw requires no additional execution privileges and does not need user interaction. This weakness corresponds to CWE‑862, Unauthorized Access to Resource.
Affected Systems
The vulnerability is present in Google Android devices, specifically within the Camera application bundled with Google Pixel devices. No specific Android version is listed, so any device running the affected Camera component could be impacted.
Risk and Exploitability
The CVSS score of 3.3 indicates a low severity, and the EPSS score of less than 1% reflects a very low likelihood of exploitation. The flaw is not listed in CISA’s KEV catalog, and exploitation requires local access to the device; no network-based attack is implied. The risk remains confined to local data exposure without further system compromise.
OpenCVE Enrichment