587 matches found
CVE-2017-13253
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1...
CVE-2017-13252
In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds write due to improper input validation that results in a read from uninitialized memory. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2017-13263
CVE-2017-13263 affects the Android framework (Android 8.0 and 8.1). The incident is classified as an Elevation of Privilege (EoP) in the framework; no specific root-cause technical details are provided in the documents. The accessible sources identify it under the Framework category with a Modera...
CVE-2017-13250
CVE-2017-13250 affects Android and targets the media decoding path in ih264d_utils.c, specifically ih264d_fmt_conv_420sp_to_420p. The root cause is an out-of-bounds write caused by a multiplication error, enabling remote code execution with user interaction required on affected builds. Affected v...
CVE-2017-13248
In impeg2idctreconsse42 of impeg2idctreconsse42intr.c, there is an out of bound write due to a missing bounds check. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0...
CVE-2017-13289
In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is...
CVE-2017-13302
A denial of service vulnerability in the Android system system ui. Product: Android. Versions: 8.0. Android ID: A-69969749...
Design/Logic Flaw
In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User...
Out-of-bounds
In the FrameSequencegif::FrameSequencegif function of libframesequence, there is a out of bounds read due to a missing bounds check. This could lead to a remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android...
Stack overflow
In CProgramConfigReadHeightExt of tpdecasc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1,...
Design/Logic Flaw
In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0,...
Denial of service
A denial of service vulnerability in the Android framework package installer. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62537081...
Null pointer dereference
In avrcctrlparsvendorrsp of avrcparsct.cc, there is a possible NULL pointer dereference due to missing bounds checks. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1...
CVE-2017-13285
In SvoxSsmlParser and startElement of svoxssmlparser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2017-13275
In getVSCoverage of CmapCoverage.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID:...
Out-of-bounds
In SvoxSsmlParser and startElement of svoxssmlparser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2017-13276
In CProgramConfigReadHeightExt of tpdecasc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1,...
Out-of-bounds
In sdpserverhandleclientreq of sdpserver.cc, there is an out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0,...
Stack overflow
In avrcparsbrowsingcmd of avrcparstg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1...
Design/Logic Flaw
In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, there is a permission bypass due to a 64/32bit int mismatch. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User...