CVE-2019-2060
Description
In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112709994
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing bounds check in libxaac on Android 10 allows an out-of-bounds read, which can lead to information disclosure when a user interacts with attacker-supplied content.
Vulnerability
An out-of-bounds read vulnerability exists in libxaac, the AAC audio decoder library on Android 10. [1] The issue is caused by a missing bounds check, allowing reads beyond the allocated buffer. Affected versions include Android 10 (security patch level before 2019-09-01). The vulnerability is identified by Android ID A-112709994.
Exploitation
No additional execution privileges are needed, but user interaction is required. [1] An attacker would need to convince a user to process a specially crafted AAC audio file, which would trigger the out-of-bounds read when decoded by libxaac.
Impact
Successful exploitation could lead to information disclosure. [1] The attacker may be able to read sensitive memory contents from the affected process.
Mitigation
Android 10, as released on AOSP, has a default security patch level of 2019-09-01, which addresses this issue. [1] Devices with a security patch level of 2019-09-01 or later are protected. No workarounds are documented; users should ensure their devices are updated to the latest security patch level.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 1
- source.android.com/security/bulletin/android-10 (mitre, x_refsource_MISC)