Description
In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing bounds check in TextRtpPayloadDecoderNode::DecodeT140 of Android’s RTP payload decoding module can cause an out‑of‑bounds write. This flaw permits remote code execution without requiring escalated privileges or user interaction, enabling an attacker to run arbitrary code on the affected device.

Affected Systems

The vulnerability affects Google Android devices. No specific version or build information is disclosed in the available data, so any Android device that incorporates the affected TextRtpPayloadDecoderNode implementation is considered at risk.

Risk and Exploitability

The CVSS score of 8.8 reflects a high severity, but the EPSS score of less than 1% indicates a low likelihood of exploitation in the wild at present. The flaw is not listed in the CISA KEV catalog. Exploitation is likely to occur remotely, possibly through crafted RTP streams that are processed by the vulnerable decoder, and it does not require user interaction.

Generated by OpenCVE AI on June 17, 2026 at 18:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Android security update that contains the fix for the TextRtpPayloadDecoderNode out‑of‑bounds write
  • If an urgent update is not yet available, block or monitor RTP traffic and consider disabling features that invoke the decoder through device policy controls
  • Stay alert to official advisories from Google for any updated patches or workarounds, and verify that devices are updated accordingly

Generated by OpenCVE AI on June 17, 2026 at 18:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 16 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Tue, 16 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published:

Updated: 2026-06-17T03:56:09.059Z

Reserved: 2025-10-23T08:44:57.549Z

Link: CVE-2026-0160

cve-icon Vulnrichment

Updated: 2026-06-16T19:47:04.056Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T20:16:26.517

Modified: 2026-06-16T20:42:25.013

Link: CVE-2026-0160

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T20:45:02Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')