Severity by source
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Primary rating from Vendor (Google_Devices) · only source for this CVE.
CVSS VectorVendor: Google_Devices
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
In several functions of the RTCP packet decoder, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Analysis
In several functions of the RTCP packet decoder, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37197
GHSA-42ch-w3xc-h9xw