189 matches found
CVE-2016-0811
Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an improper size calculation, ...
CVE-2016-0809
CVE-2016-0809 is a use-after-free in the wifi_cleanup function of Broadcom’s Wi‑Fi driver (bcmdhd/wifi_hal/wifi_hal.cpp) used by Android 6.x. The issue could allow local privilege escalation when an attacker with physical access executes a crafted app. Affected: Android 6.x prior to 2016-02-01. R...
CVE-2016-0809
Use-after-free vulnerability in the wificleanup function in bcmdhd/wifihal/wifihal.cpp in Wi-Fi in Android 6.x before 2016-02-01 allows attackers to gain privileges by leveraging access to the local physical environment during execution of a crafted application, aka internal bug 25753768...
CVE-2016-0807
CVE-2016-0807 affects Android 6.x Debuggerd (get_build_id in elf_utils.cpp) where a crafted ELF Note Desc Size element mishandling enables privilege escalation. Root cause: improper handling in Debuggerd’s ELF note parsing. Impact: high (local attacker). Affected component: Android 6.x Debuggerd....
CVE-2016-0804
The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary cod...
CVE-2016-0807
The getbuildid function in elfutils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394...
CVE-2015-6783
The FindStartOffsetOfFileInZipFile function in crazylinkerzip.cpp in crazylinker aka Crazy Linker in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows attackers to bypass a signature-validation requirement via a crafted ZIP...
CVE-2015-6783
The FindStartOffsetOfFileInZipFile function in crazylinkerzip.cpp in crazylinker aka Crazy Linker in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows attackers to bypass a signature-validation requirement via a crafted ZIP...
CVE-2015-6783
CVE-2015-6783 affects Google Chrome components on Android 5.x–6.x that use Crazy Linker. The vulnerability is in crazy_linker_zip.cpp FindStartOffsetOfFileInZipFile, where EOCD record search is faulty, allowing signature-validation bypass via a crafted ZIP archive. Public docs confirm this CVE wa...