CVE-2021-0325

8.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on affected Android devices through a heap buffer overflow in the H.264 video parsing component. Attackers can achieve remote code execution without requiring additional privileges, though user interaction is needed for exploitation. All Android devices running versions 8.1 through 11 are affected.

💻 Affected Systems

Products:
  • Android
Versions: Android 8.1, 9, 10, 11
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected Android versions with default configurations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing attackers to install malware, steal sensitive data, or join devices to botnets.

🟠 Likely Case

Malicious apps exploiting this vulnerability to gain elevated privileges and perform unauthorized actions.

🟢 If Mitigated

Limited impact if devices are patched and have security controls like app sandboxing and exploit mitigations enabled.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (such as opening a malicious video file) and bypassing Android's security mitigations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Bulletin February 2021 patches

Vendor Advisory: https://source.android.com/security/bulletin/2021-02-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > Advanced > System update.
2. Install the February 2021 Android security patch.
3. Reboot device after installation.

🔧 Temporary Workarounds

Disable automatic media processing

Prevent automatic parsing of H.264 video files by untrusted applications

🧯 If You Can't Patch

  • Restrict installation of untrusted applications from unknown sources
  • Use mobile device management (MDM) to enforce security policies and application whitelisting

🔍 How to Verify

Check if Vulnerable:

Check the Android version in Settings > About phone > Android version. If the version is 8.1, 9, 10, or 11 and the February 2021 security patch is not installed, the device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Confirm that Settings > About phone > Android security patch level shows February 2021 or later.
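
The version and patch-level checks above can be scripted for more than one device. The following is an added example, not part of the original advisory: the function names and the result labels are hypothetical, the threshold 2021-02-01 is an assumption taken from the date in the vendor bulletin URL, and ro.build.version.release is the standard property for the Android version.

```shell
#!/bin/sh
# Added example: classify a device for CVE-2021-0325 from two getprop values.
# Assumption: the fix ships with the first February 2021 patch level.
FIXED_PATCH_LEVEL="2021-02-01"

# is_affected_release RELEASE -> exit 0 if the advisory lists this version
is_affected_release() {
    case "$1" in
        8.1|8.1.*|9|9.*|10|10.*|11|11.*) return 0 ;;
        *) return 1 ;;
    esac
}

# classify RELEASE PATCH_LEVEL -> PATCHED, VULNERABLE, NOT_LISTED or UNKNOWN
classify() {
    # adb output can end in a carriage return; strip it before comparing
    release=$(printf '%s' "$1" | tr -d '\r')
    patch=$(printf '%s' "$2" | tr -d '\r')
    [ -n "$release" ] || { echo UNKNOWN; return 0; }
    is_affected_release "$release" || { echo NOT_LISTED; return 0; }
    # A missing or malformed patch level must not be read as "patched"
    case "$patch" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;
    esac
    # YYYY-MM-DD strings sort chronologically, so the older date sorts first
    oldest=$(printf '%s\n%s\n' "$patch" "$FIXED_PATCH_LEVEL" | sort | head -n 1)
    if [ "$oldest" = "$FIXED_PATCH_LEVEL" ]; then
        echo PATCHED
    else
        echo VULNERABLE
    fi
}

# check_device SERIAL -> queries one attached device over adb (not run here)
check_device() {
    rel=$(adb -s "$1" shell getprop ro.build.version.release)
    pl=$(adb -s "$1" shell getprop ro.build.version.security_patch)
    printf '%s %s\n' "$1" "$(classify "$rel" "$pl")"
}

# Constructed sample values (release, patch level), not taken from real devices
for sample in "10 2021-01-05" "11 2021-02-01" "9 2021-03-05" "8.0.0 2020-06-01"; do
    set -- $sample
    printf 'Android %s, patch %s: %s\n' "$1" "$2" "$(classify "$1" "$2")"
done
```

Devices that report UNKNOWN should be checked by hand in Settings rather than assumed safe.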

📡 Detection & Monitoring

Log Indicators:

  • Crash logs from media parsing processes
  • Unexpected process terminations in system logs

Network Indicators:

  • Unusual network traffic from media applications
  • Suspicious video file downloads

SIEM Query:

source="android_system" AND (process="media" OR process="video") AND event="crash"
