CVE-2026-0149

In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

History

17 Jun 2026, 17:34

Type Values Removed Values Added
CWE CWE-122
CWE-787
References () https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01 - () https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01 - Vendor Advisory
First Time Google
Google android
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

16 Jun 2026, 20:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-16 20:16

Updated : 2026-06-17 17:34


NVD link : CVE-2026-0149

Mitre link : CVE-2026-0149

CVE.ORG link : CVE-2026-0149


JSON object : View

Products Affected

google

  • android
CWE
CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write