Android
by Google
CVEs (4,715)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-13232 | | High | 0.49 | 7.5 | 0.01 | | Feb 12, 2018 | In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not be NULL terminated. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.… |
| CVE-2017-13222 | | High | 0.49 | 7.5 | 0.01 | | Jan 12, 2018 | An information disclosure vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-38159576. |
| CVE-2017-13219 | | High | 0.49 | 7.5 | 0.01 | | Jan 12, 2018 | A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product: Android. Versions: Android kernel. Android ID: A-62800865. |
| CVE-2017-13214 | | High | 0.49 | 7.5 | 0.02 | | Jan 12, 2018 | In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:… |
| CVE-2017-13211 | | High | 0.49 | 7.5 | 0.02 | | Jan 12, 2018 | In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User… |
| CVE-2017-13207 | | High | 0.49 | 7.5 | 0.01 | | Jan 12, 2018 | An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37564426. |
| CVE-2017-13206 | | High | 0.49 | 7.5 | 0.01 | | Jan 12, 2018 | An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65025048. |
| CVE-2017-13202 | | High | 0.49 | 7.5 | 0.01 | | Jan 12, 2018 | An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67647856. |
| CVE-2017-13201 | | High | 0.49 | 7.5 | 0.01 | | Jan 12, 2018 | An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768. |
| CVE-2017-13200 | | High | 0.49 | 7.5 | 0.00 | | Jan 12, 2018 | An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526. |
| CVE-2017-13199 | | High | 0.49 | 7.5 | 0.02 | | Jan 12, 2018 | In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a java.io.IOException later on. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not… |
| CVE-2017-13198 | | High | 0.49 | 7.5 | 0.01 | | Jan 12, 2018 | A vulnerability in the Android media framework (ex) related to composition of frames lacking a color map. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399117. |
| CVE-2017-13197 | | High | 0.49 | 7.5 | 0.02 | | Jan 12, 2018 | In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.… |
| CVE-2017-13196 | | High | 0.49 | 7.5 | 0.02 | | Jan 12, 2018 | In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for… |
| CVE-2017-13195 | | High | 0.49 | 7.5 | 0.02 | | Jan 12, 2018 | In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional… |
| CVE-2017-13194 | | High | 0.49 | 7.5 | 0.02 | | Jan 12, 2018 | A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201. |
| CVE-2017-13193 | | High | 0.49 | 7.5 | 0.02 | | Jan 12, 2018 | In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed.… |
| CVE-2017-13192 | | High | 0.49 | 7.5 | 0.02 | | Jan 12, 2018 | In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed.… |
| CVE-2017-13191 | | High | 0.49 | 7.5 | 0.02 | | Jan 12, 2018 | In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete frame error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for… |
| CVE-2017-13190 | | High | 0.49 | 7.5 | 0.00 | | Jan 12, 2018 | A vulnerability in the Android media framework (libhevc) related to handling ps_codec_obj memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68299873. |