mediaserver
by Google
CVEs (85)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0407 | Hig | 0.51 | 7.8 | 0.02 | Feb 8, 2017 | A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of… | ||
| CVE-2017-0406 | Hig | 0.51 | 7.8 | 0.02 | Feb 8, 2017 | A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of… | ||
| CVE-2016-6706 | Hig | 0.51 | 7.8 | 0.01 | Dec 13, 2016 | An elevation of privilege vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain… | ||
| CVE-2016-6705 | Hig | 0.51 | 7.8 | 0.01 | Nov 25, 2016 | An elevation of privilege vulnerability in Mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue… | ||
| CVE-2016-6704 | Hig | 0.51 | 7.8 | 0.01 | Nov 25, 2016 | An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged… | ||
| CVE-2016-3933 | Hig | 0.51 | 7.8 | 0.00 | Oct 10, 2016 | mediaserver in Android before 2016-10-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 29421408. | ||
| CVE-2016-3932 | Hig | 0.51 | 7.8 | 0.00 | Oct 10, 2016 | mediaserver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 29161895 and MediaTek internal bug ALPS02770870. | ||
| CVE-2016-3913 | Hig | 0.51 | 7.8 | 0.01 | Oct 10, 2016 | media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate a certain static_cast operation, which allows attackers to gain privileges… | ||
| CVE-2016-3910 | Hig | 0.51 | 7.8 | 0.00 | Oct 10, 2016 | services/soundtrigger/SoundTriggerHwService.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30148546. | ||
| CVE-2016-3909 | Hig | 0.51 | 7.8 | 0.01 | Oct 10, 2016 | The SoftMPEG4 component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30033990. | ||
| CVE-2016-3872 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2016 | Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to gain privileges via a crafted application, aka internal bug… | ||
| CVE-2016-3844 | Hig | 0.51 | 7.8 | 0.00 | Aug 5, 2016 | mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517. | ||
| CVE-2016-3826 | Hig | 0.51 | 7.8 | 0.00 | Aug 5, 2016 | services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted… | ||
| CVE-2016-3824 | Hig | 0.51 | 7.8 | 0.00 | Aug 5, 2016 | omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug… | ||
| CVE-2016-3747 | Hig | 0.51 | 7.8 | 0.00 | Jul 11, 2016 | Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or… | ||
| CVE-2016-3746 | Hig | 0.51 | 7.8 | 0.00 | Jul 11, 2016 | Use-after-free vulnerability in the mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or… | ||
| CVE-2016-2508 | Hig | 0.51 | 7.8 | 0.02 | Jul 11, 2016 | media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate certain track data, which allows remote attackers to execute arbitrary code or cause a denial of… | ||
| CVE-2016-2487 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2016 | libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug… | ||
| CVE-2016-2482 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2016 | The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature… | ||
| CVE-2016-2477 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2016 | mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining… |
- risk 0.51cvss 7.8epss 0.02
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of…
- risk 0.51cvss 7.8epss 0.02
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability in Mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged…
- risk 0.51cvss 7.8epss 0.00
mediaserver in Android before 2016-10-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 29421408.
- risk 0.51cvss 7.8epss 0.00
mediaserver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 29161895 and MediaTek internal bug ALPS02770870.
- risk 0.51cvss 7.8epss 0.01
media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate a certain static_cast operation, which allows attackers to gain privileges…
- risk 0.51cvss 7.8epss 0.00
services/soundtrigger/SoundTriggerHwService.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30148546.
- risk 0.51cvss 7.8epss 0.01
The SoftMPEG4 component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30033990.
- risk 0.51cvss 7.8epss 0.01
Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to gain privileges via a crafted application, aka internal bug…
- risk 0.51cvss 7.8epss 0.00
mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517.
- risk 0.51cvss 7.8epss 0.00
services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted…
- risk 0.51cvss 7.8epss 0.00
omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug…
- risk 0.51cvss 7.8epss 0.00
Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or…
- risk 0.51cvss 7.8epss 0.00
Use-after-free vulnerability in the mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or…
- risk 0.51cvss 7.8epss 0.02
media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate certain track data, which allows remote attackers to execute arbitrary code or cause a denial of…
- risk 0.51cvss 7.8epss 0.00
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug…
- risk 0.51cvss 7.8epss 0.00
The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature…
- risk 0.51cvss 7.8epss 0.00
mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining…
Page 2 of 5