CVE-2022-20532

In CVE-2022-20532, the vulnerability lies in MPEG4Extractor.cpp’s parseTrackFragmentRun() where an integer overflow can cause an out-of-bounds read. This may enable remote elevation of privileges without user interaction on Android 13 devices. Documented impact is high across confidentiality, int...

CVE-2021-0971

CVE-2021-0971 affects Google Android Media Framework: specifically MPEG4Source::read in MPEG4Extractor.cpp, where an out-of-bounds write can occur due to a missing bounds check. This can lead to remote information disclosure. The vulnerability is described for Android 9–12, with exploitation requ...

Input validation

In parseChunk of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID:...

Out-of-bounds

In parseChunk of MPEG4Extractor.cpp, there is a possible out of bounds write due to incompletely initialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID:...

Input validation

In parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions...

CVE-2020-0161

In parseChunk of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID:...

CVE-2020-0162

In parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions...

CVE-2020-0163

CVE-2020-0163 targets MPEG4Extractor.cpp (parseSampleAuxiliaryInformationSizes) and can cause resource exhaustion leading to remote DoS on Android 10. Documents confirm a vulnerability in the Android Media Framework with input validation weaknesses; CVSS2/3 metrics indicate network access with no...

CVE-2020-0161

CVE-2020-0161 affects Android 10 (Android in the Pixel/Android Security Bulletin context) with a vulnerability in MPEG4Extractor.cpp (parseChunk). The underlying issue is resource exhaustion caused by improper input validation, leading to remote denial of service. Exploitation requires user inter...

Input validation

In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Andro...

CVE-2017-0855

In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not need...

Design/Logic Flaw

In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not need...

CVE-2017-0855

CVE-2017-0855 affects Android’s Media Framework in MPEG4Extractor.cpp, where several paths return early without cleaning up internal buffers, leading to memory leaks. The impact is remote denial of service of a privileged process without extra privileges or user interaction. Affected Android vers...

Design/Logic Flaw

MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not check whether memory allocation succeeds, which allows remote attackers to cause a denial of service device hang or reboot via a crafted file...

CVE-2016-0837

MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service out-of-bounds read and memory corruption via a crafted media file, aka...

Out-of-bounds

MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service out-of-bounds read and memory corruption via a crafted media file, aka...

CVE-2016-0837

MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service out-of-bounds read and memory corruption via a crafted media file, aka...

CVE-2016-0815

The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file...

Buffer overflow

Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538...