Three critical remote code execution (RCE) vulnerabilities in Android system, framework, library, media framework, Qualcomm components, and Qualcomm closed-source components patched in July 2019 security patch. Google also added several functional patches to address various functionality issues impacting Google devices. The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker to execute arbitrary code within the context of a privileged process. The rest of the 33 vulnerabilities patched in this security update are either elevation of privilege flaws, can lead to information disclosure, or haven’t yet been classified.
Source: https://www.bleepingcomputer.com/news/security/july-android-security-update-fixes-four-critical-rce-flaws/