CVE-2026-0140
Description
Integer overflow in RtpPacket::decodePacket leads to out-of-bounds read, enabling remote information disclosure with user interaction. Affects Android/Pixel devices before June 2026 security patch.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in RtpPacket::decodePacket leads to out-of-bounds read, enabling remote information disclosure with user interaction. Affects Android/Pixel devices before June 2026 security patch.
Vulnerability
In RtpPacket::decodePacket, an integer overflow can occur, leading to an out-of-bounds read. This vulnerability is present in Android devices, particularly Pixel devices, with security patch levels before 2026-06-05. The issue is in the decoding of RTP packets [1].
Exploitation
An attacker can exploit this remotely by sending a crafted RTP packet that triggers the integer overflow. No additional execution privileges are required, but user interaction is needed (likely via a malicious app or media file that uses RTP) [1].
Impact
Successful exploitation could lead to remote information disclosure (out-of-bounds read), potentially leaking sensitive data from memory [1].
Mitigation
The vulnerability is fixed in the June 2026 security patch level (2026-06-05) for Pixel devices. Users should update their devices to the latest security patch [1].
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.