https://www.bleepingcomputer.com/news/security/july-android-security-update-fixes-four-critical-rce-flaws/

Three critical remote code execution (RCE) in the Media framework and another one in the Android system were fixed by Google in the Android Open Source Project (AOSP) as part of the July 2019 security patch.

In total, Google patched 33 security vulnerabilities in the Android system, framework, library, media framework, Qualcomm components, and Qualcomm closed-source components, all of them addressed in the 2019-07-01 and 2019-07-05 security patch levels.