CVE-2024-43090

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-43090
In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.

5.0 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://android.googlesource.com/platform/frameworks/base/+/f1a15b5ef2539113c882fd2644f301a23e50f961
https://source.android.com/security/bulletin/2025-03-01
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
History

26 Aug 2025, 23:15

Type Values Removed Values Added
References
  • {'url': 'https://android.googlesource.com/platform/frameworks/base/+/4677d3ee0ec2d31acc6108fea7be6cced971da37', 'tags': ['Mailing List', 'Patch'], 'source': 'security@android.com'}
  • {'url': 'https://source.android.com/security/bulletin/2024-11-01', 'tags': ['Patch', 'Vendor Advisory'], 'source': 'security@android.com'}
  • () https://android.googlesource.com/platform/frameworks/base/+/f1a15b5ef2539113c882fd2644f301a23e50f961 -
  • () https://source.android.com/security/bulletin/2025-03-01 -

17 Dec 2024, 20:43

Type Values Removed Values Added
References () https://android.googlesource.com/platform/frameworks/base/+/4677d3ee0ec2d31acc6108fea7be6cced971da37 - () https://android.googlesource.com/platform/frameworks/base/+/4677d3ee0ec2d31acc6108fea7be6cced971da37 - Mailing List, Patch
References () https://source.android.com/security/bulletin/2024-11-01 - () https://source.android.com/security/bulletin/2024-11-01 - Patch, Vendor Advisory
CPE cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
First Time Google
Google android

15 Nov 2024, 14:00

Type Values Removed Values Added
Summary
  • (es) En varias ubicaciones, es posible que varios usuarios lean una imagen debido a que no se ha verificado el permiso. Esto podría provocar la divulgación de información local y requerir privilegios de ejecución del usuario. Para la explotación, se necesita la interacción del usuario.

13 Nov 2024, 22:35

Type Values Removed Values Added
CWE CWE-862
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.0

13 Nov 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-13 18:15

Updated : 2025-08-26 23:15

NVD link : CVE-2024-43090

Mitre link : CVE-2024-43090

CVE.ORG link : CVE-2024-43090

JSON object : View

Products Affected

google

  • android
CWE
CWE-862

Missing Authorization