CVE-2023-20958: 
NixOS vulnerability analysis and mitigation

A vulnerability was discovered in the read_paint function of ttcolr.c in Android 13, identified as CVE-2023-20958. The vulnerability involves a possible out-of-bounds read due to a heap buffer overflow, which was disclosed in March 2023. This security issue affects Android version 13 and was tracked under Android ID: A-254803162 (Android Bulletin).

The vulnerability is classified as an out-of-bounds read (CWE-125) that occurs in the read_paint function of ttcolr.c. It has been assigned a CVSS v3.1 Base Score of 7.1 (HIGH) with the vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H. The vulnerability requires local access and low privileges for exploitation, but does not require user interaction (NVD).

A successful exploitation of this vulnerability could lead to local information disclosure. The vulnerability has high impacts on both confidentiality and availability of the system, while having no direct impact on integrity. No additional execution privileges are required for exploitation (NVD).

The vulnerability was addressed in the Android Security Bulletin of March 2023. Users should update their Android 13 devices to the latest security patch level to mitigate this vulnerability (Android Bulletin).