Vendor CVEs
LG Electronics
All CVEs
41 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-48010 | Cri | 0.64 | 9.8 | 0.00 | Dec 5, 2024 | STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets. | ||
| CVE-2018-16288 | Hig | 0.62 | 8.6 | 0.35 | Sep 14, 2018 | LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. | ||
| CVE-2016-3851 | Hig | 0.53 | 8.1 | 0.01 | Aug 5, 2016 | The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941. | ||
| CVE-2024-6176 | Med | 0.31 | — | 0.00 | Jun 20, 2024 | Allocation of Resources Without Limits or Throttling vulnerability in LG Electronics LG SuperSign CMS allows Port Scanning.This issue affects LG SuperSign CMS: from 4.1.3 before < 4.3.1. | ||
| CVE-2016-8474 | Med | 0.31 | 4.7 | 0.01 | Jan 12, 2017 | An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.… | ||
| CVE-2016-8473 | Med | 0.31 | 4.7 | 0.01 | Jan 12, 2017 | An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.… | ||
| CVE-2017-18347 | Med | 0.30 | 4.6 | 0.00 | Sep 12, 2018 | Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full… | ||
| CVE-2024-45064 | 0.00 | — | 0.01 | Apr 2, 2025 | A buffer overflow vulnerability exists in the FileX Internal RAM interface functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted set of network packets can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||
| CVE-2024-50385 | 0.00 | — | 0.01 | Apr 2, 2025 | A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This… | |||
| CVE-2024-50384 | 0.00 | — | 0.01 | Apr 2, 2025 | A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This… | |||
| CVE-2024-50595 | 0.00 | — | 0.01 | Apr 2, 2025 | An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this… | |||
| CVE-2024-50594 | 0.00 | — | 0.01 | Apr 2, 2025 | An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this… | |||
| CVE-2024-50597 | 0.00 | — | 0.01 | Apr 2, 2025 | An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This… | |||
| CVE-2024-50596 | 0.00 | — | 0.01 | Apr 2, 2025 | An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This… | |||
| CVE-2024-6179 | 0.00 | — | 0.00 | Jun 20, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1. | |||
| CVE-2024-6178 | 0.00 | — | 0.00 | Jun 20, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1. | |||
| CVE-2024-6177 | 0.00 | — | 0.00 | Jun 20, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1. | |||
| CVE-2023-36629 | 0.00 | — | 0.00 | Jan 9, 2024 | The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-bounds read. | |||
| CVE-2023-50096 | 0.00 | — | 0.01 | Jan 1, 2024 | STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample… | |||
| CVE-2021-42553 | 0.00 | — | 0.01 | Oct 21, 2022 | A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as… | |||
| CVE-2021-43392 | 0.00 | — | 0.00 | Mar 4, 2022 | STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is… | |||
| CVE-2021-43393 | 0.00 | — | 0.00 | Mar 4, 2022 | STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for… | |||
| CVE-2021-34268 | 0.00 | — | 0.00 | Jul 22, 2021 | An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) via a malformed USB device packet. | |||
| CVE-2021-34267 | 0.00 | — | 0.00 | Jul 22, 2021 | An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) when the system tries to communicate with the connected endpoint. | |||
| CVE-2021-34262 | 0.00 | — | 0.00 | Jul 22, 2021 | A buffer overflow vulnerability in the USBH_ParseEPDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. | |||
| CVE-2021-34261 | 0.00 | — | 0.00 | Jul 22, 2021 | An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service due to the system hanging when trying to set a remote wake-up feature. | |||
| CVE-2021-34260 | 0.00 | — | 0.00 | Jul 22, 2021 | A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. | |||
| CVE-2021-34259 | 0.00 | — | 0.00 | Jul 22, 2021 | A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. | |||
| CVE-2020-27212 | 0.00 | — | 0.00 | May 21, 2021 | STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (limited access via debug interface) by injecting a fault during the boot phase. | |||
| CVE-2021-29414 | 0.00 | — | 0.00 | May 21, 2021 | STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control. | |||
| CVE-2020-20949 | 0.00 | — | 0.01 | Jan 20, 2021 | Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the… | |||
| CVE-2020-7807 | 0.00 | — | 0.00 | Sep 14, 2020 | A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics… | |||
| CVE-2020-13466 | 0.00 | — | 0.00 | Aug 31, 2020 | STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. | |||
| CVE-2020-8004 | 0.00 | — | 0.03 | Apr 6, 2020 | STMicroelectronics STM32F1 devices have Incorrect Access Control. | |||
| CVE-2019-16863 | 0.00 | — | 0.03 | Nov 14, 2019 | STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL. | |||
| CVE-2019-14238 | 0.00 | — | 0.00 | Sep 24, 2019 | On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus. | |||
| CVE-2019-14236 | 0.00 | — | 0.02 | Sep 12, 2019 | On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution. | |||
| CVE-2014-7243 | 0.00 | — | 0.01 | Dec 5, 2014 | LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2007-5558 | 0.00 | — | 0.02 | Oct 18, 2007 | Integer overflow in the LG Mobile handset allows remote attackers to cause a denial of service (reboot) via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known… | |||
| CVE-2007-0524 | 0.00 | — | 0.01 | Jan 26, 2007 | The LG Chocolate KG800 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. | |||
| CVE-2005-1132 | 0.00 | — | 0.02 | May 2, 2005 | LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file. |
- risk 0.64cvss 9.8epss 0.00
STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets.
- risk 0.62cvss 8.6epss 0.35
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
- risk 0.53cvss 8.1epss 0.01
The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941.
- risk 0.31cvss —epss 0.00
Allocation of Resources Without Limits or Throttling vulnerability in LG Electronics LG SuperSign CMS allows Port Scanning.This issue affects LG SuperSign CMS: from 4.1.3 before < 4.3.1.
- risk 0.31cvss 4.7epss 0.01
An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…
- risk 0.31cvss 4.7epss 0.01
An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…
- risk 0.30cvss 4.6epss 0.00
Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full…
- CVE-2024-45064Apr 2, 2025risk 0.00cvss —epss 0.01
A buffer overflow vulnerability exists in the FileX Internal RAM interface functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted set of network packets can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability.
- CVE-2024-50385Apr 2, 2025risk 0.00cvss —epss 0.01
A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This…
- CVE-2024-50384Apr 2, 2025risk 0.00cvss —epss 0.01
A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This…
- CVE-2024-50595Apr 2, 2025risk 0.00cvss —epss 0.01
An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this…
- CVE-2024-50594Apr 2, 2025risk 0.00cvss —epss 0.01
An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this…
- CVE-2024-50597Apr 2, 2025risk 0.00cvss —epss 0.01
An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This…
- CVE-2024-50596Apr 2, 2025risk 0.00cvss —epss 0.01
An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This…
- CVE-2024-6179Jun 20, 2024risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1.
- CVE-2024-6178Jun 20, 2024risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1.
- CVE-2024-6177Jun 20, 2024risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1.
- CVE-2023-36629Jan 9, 2024risk 0.00cvss —epss 0.00
The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-bounds read.
- CVE-2023-50096Jan 1, 2024risk 0.00cvss —epss 0.01
STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample…
- CVE-2021-42553Oct 21, 2022risk 0.00cvss —epss 0.01
A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as…
- CVE-2021-43392Mar 4, 2022risk 0.00cvss —epss 0.00
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is…
- CVE-2021-43393Mar 4, 2022risk 0.00cvss —epss 0.00
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for…
- CVE-2021-34268Jul 22, 2021risk 0.00cvss —epss 0.00
An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) via a malformed USB device packet.
- CVE-2021-34267Jul 22, 2021risk 0.00cvss —epss 0.00
An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) when the system tries to communicate with the connected endpoint.
- CVE-2021-34262Jul 22, 2021risk 0.00cvss —epss 0.00
A buffer overflow vulnerability in the USBH_ParseEPDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code.
- CVE-2021-34261Jul 22, 2021risk 0.00cvss —epss 0.00
An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service due to the system hanging when trying to set a remote wake-up feature.
- CVE-2021-34260Jul 22, 2021risk 0.00cvss —epss 0.00
A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code.
- CVE-2021-34259Jul 22, 2021risk 0.00cvss —epss 0.00
A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code.
- CVE-2020-27212May 21, 2021risk 0.00cvss —epss 0.00
STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (limited access via debug interface) by injecting a fault during the boot phase.
- CVE-2021-29414May 21, 2021risk 0.00cvss —epss 0.00
STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control.
- CVE-2020-20949Jan 20, 2021risk 0.00cvss —epss 0.01
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the…
- CVE-2020-7807Sep 14, 2020risk 0.00cvss —epss 0.00
A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics…
- CVE-2020-13466Aug 31, 2020risk 0.00cvss —epss 0.00
STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration.
- CVE-2020-8004Apr 6, 2020risk 0.00cvss —epss 0.03
STMicroelectronics STM32F1 devices have Incorrect Access Control.
- CVE-2019-16863Nov 14, 2019risk 0.00cvss —epss 0.03
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
- CVE-2019-14238Sep 24, 2019risk 0.00cvss —epss 0.00
On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus.
- CVE-2019-14236Sep 12, 2019risk 0.00cvss —epss 0.02
On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution.
- CVE-2014-7243Dec 5, 2014risk 0.00cvss —epss 0.01
LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors.
- CVE-2007-5558Oct 18, 2007risk 0.00cvss —epss 0.02
Integer overflow in the LG Mobile handset allows remote attackers to cause a denial of service (reboot) via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known…
- CVE-2007-0524Jan 26, 2007risk 0.00cvss —epss 0.01
The LG Chocolate KG800 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.
- CVE-2005-1132May 2, 2005risk 0.00cvss —epss 0.02
LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file.