CVE-2024-49714
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-09-05

Assigner: Android (associated with Google Inc. or Open Handset Alliance)

Description
In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-04
Last Modified
2025-09-05
Generated
2026-06-16
AI Q&A
2025-09-04
EPSS Evaluated
2026-06-14
NVD
CVE-2024-49714
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
google android 13.0
google android 14.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a heap buffer overflow in the avrc_vendor_msg function of avrc_opt.cc, which can cause an out of bounds write. This means that the program writes data outside the allocated memory buffer, potentially corrupting memory.

Impact Analysis

The vulnerability could allow a paired device to escalate its privileges without needing any additional execution privileges or user interaction. This means an attacker with a paired device could gain higher access or control than intended.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-49714. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart