CVE-2020-0470
Description
In extend_frame_highbd of restoration.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Product: Android
Versions: Android-11 Android-10
Android ID: A-166268541
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A heap buffer overflow in Android's restoration.c can lead to remote information disclosure via a crafted file, requiring user interaction.
Vulnerability
CVE-2020-0470 is an out-of-bounds write vulnerability in the extend_frame_highbd function of restoration.c within Android's media framework. The issue occurs during processing of crafted media files, leading to a heap buffer overflow. Affected versions are Android 10 and Android 11 [1].
Exploitation
Exploitation requires user interaction, such as opening a specially crafted media file. An attacker with no additional execution privileges can trigger the overflow remotely by enticing a user to process the malicious file. The specific sequence involves the vulnerable code path in extend_frame_highbd being reached during restoration of high-bit-depth frames [1].
Impact
Successful exploitation results in remote information disclosure. The attacker can read out-of-bounds heap memory, potentially exposing sensitive data from the device's memory. No additional execution privileges are gained beyond the initial context [1].
Mitigation
Android released security patches as part of the December 2020 Security Bulletin. Devices with a security patch level of 2020-12-05 or later are protected. Users should apply the update from their device manufacturer or via Android updates. No workarounds are available other than installing the patch [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Android/Android (source: description)
  - Range: Android-10, Android-11
- osv-coords (2 versions):
  - pkg:rpm/opensuse/libaom&distro=openSUSE%20Leap%2015.4
  - pkg:rpm/suse/libaom&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3
  - Range: < 1.0.0-150200.3.15.1 (+ 1 more)
- (no CPE) range: < 1.0.0-150200.3.15.1
- (no CPE) range: < 1.0.0-150200.3.15.1
Patches
No patches discovered yet.
References
[1] source.android.com/security/bulletin/2020-12-01 (mitre, x_refsource_MISC)
News mentions
No linked articles in our index yet.