Alpine iLX-507 AVRCP Stack-Based Buffer Overflow Remote Code Execution Vulnerability

A stack-based buffer overflow vulnerability allowing remote code execution has been identified in the Alpine iLX-507 audio/video receiver. This issue arises in the AVRCP protocol implementation, where user-supplied data is not properly validated before being copied to a fixed-length stack-based buffer. Exploitation of this vulnerability requires user interaction, as the target device must connect to a malicious Bluetooth device. Successful exploitation allows attackers to execute arbitrary code with root privileges on the affected device.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected device, with the executed code running in the context of the root user.

Remediation

The vendor has not provided a patch for this vulnerability. The only recommended mitigation is to limit interactions with the product.