VYPR

SoftAVCDec

by Google

CVEs (2)

  • CVE-2017-13178CriJan 12, 2018
    risk 0.64cvss 9.8epss 0.02

    In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx due to a use after free when buffer allocation fails. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction…

  • CVE-2017-13180HigJan 12, 2018
    risk 0.51cvss 7.8epss 0.00

    In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the memory it's accessing. This could lead to a local elevation of privilege…