Android 7 < 9 - Remote Code Execution

Author: Marcin Kozlowski
type: remote
platform: android
port: 
date_added: 2019-07-24  
date_updated: 2020-06-18  
verified: 0  
codes: CVE-2019-2107  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 47157.txt  

# Exploit Title: Android 7-9 - Remote Code Execution
# Date: [date]
# Exploit Author: Marcin Kozlowski
# Version: 7-9
# Tested on: Android
# CVE : 2019-2107

CVE-2019-2107 - looks scary. Still remember Stagefright and PNG bugs vulns ....
With CVE-2019-2107 the decoder/codec runs under mediacodec user and with properly "crafted" video (with tiles enabled - ps_pps->i1_tiles_enabled_flag) you can possibly do RCE. The codec affected is HVEC (a.k.a H.265 and MPEG-H Part 2)

POC:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47157.zip