CVE-2026-0056

Severity CVSS v4.0:
Pending analysis
Type:
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date:
01/06/2026
Last modified:
03/06/2026

Description

In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2_beta_1:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2_beta_2:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2_beta_3:*:*:*:*:*:*


References to Advisories, Solutions, and Tools