CVE-2024-20009: In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with...
Description
In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441150; Issue ID: ALPS08441150.
Classification
CVE ID: CVE-2024-20009
Problem Types
Elevation of PrivilegeAffected Products
Vendor: MediaTek, Inc.
Product: MT6580, MT6739, MT6761, MT6762, MT6765, MT6779, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6895, MT6983, MT6985, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8185, MT8188, MT8188T
Exploit Prediction Scoring System (EPSS)
EPSS Score: 2.07% (probability of being exploited)
EPSS Percentile: 83.1% (scored less or equal to compared to others)
EPSS Date: 2025-06-30 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: total
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-20009https://corp.mediatek.com/product-security-bulletin/February-2024