CVE-2017-0632

An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions:...

CVE-2017-0632

An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions:...

Information disclosure

An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions:...

CVE-2017-0632

An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions:...

CVE-2017-0632

CVE-2017-0632 is an information-disclosure vulnerability in the Qualcomm sound codec driver within Android’s kernel (Kernel-3.10). It could allow a local malicious application to access data beyond its permissions after compromising a privileged process. The issue is classified as Moderate and is...

Google Android Qualcomm sound codec driver elevation of privilege vulnerability

AndroidonPixel and PixelXL is an open source Linux-based operating system for the Pixel and PixelXL developed by Google and the Open Handheld Alliance OHA.Qualcommsoundcodecdriver is one of the sound decoder Qualcommsoundcodecdriver is one of the sound decoder driver components. An elevation of...

Android Qualcomm sound codec driver information disclosure vulnerability

Android on Android One is a Linux-based open source operating system developed by Google and the Open Handset Alliance OHA for devices such as Android One.Qualcomm Sound Codec Driver is one of the sound codec driver components. The Qualcomm Sound Codec Driver is one of the sound codec drivers. An...

jasper: heap-based buffer overflow in QMFB code in JPC codec

A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected...

Predictable Filenames

netty-codec-http is vulnerable to predictable filenames for the temporary files. The vulnerability exists because it takes user provided file name as part of the temporary file name, allowing a malicious user to overwrite arbitrary files via a symlink attack...

Facebook Proxygen Security Vulnerability (CNVD-2017-05674)

Facebook Proxygen is a set of open source C++ HTTP class libraries from the U.S. company Facebook . A security vulnerability exists in the SPDY/2 codec in versions of Facebook Proxygen prior to 2015-11-09. An attacker can exploit the vulnerability to perform hijacking and injection attacks...

HE-AAC+ Codec Integer Overflow Vulnerability

HE-AAC+ Codec is a library that provides audio codecs. An integer overflow vulnerability exists in the auchannel.h file of HE-AAC+ Codec. A remote attacker can exploit the vulnerability to construct a special audio file and trick the application into parsing it, which can crash the application...

Design/Logic Flaw

The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks...

CVE-2015-7263

Facebook Proxygen’s SPDY/2 codec (pre-2015-11-09) is vended with a vulnerability that allows remote attackers to hijack sessions and bypass ACL checks by sending a crafted host value. Affected component: SPDY/2 codec in Proxygen. Underlying impact described in sources as partial integrity impact ...

CVE-2015-7263

The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value...

CVE-2017-7603

auchannel.h in HE-AAC+ Codec aka libaacplus 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted audio file...

Integer overflow

auchannel.h in HE-AAC+ Codec aka libaacplus 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted audio file...

Code injection

auchannel.h in HE-AAC+ Codec aka libaacplus 2.0.2 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted audio file...

Design/Logic Flaw

aacplusenc.c in HE-AAC+ Codec aka libaacplus 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted audio file...

CVE-2017-7605

aacplusenc.c in HE-AAC+ Codec aka libaacplus 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted audio file...

CVE-2017-7605

CVE-2017-7605 affects HE-AAC+ Codec (libaacplus) 2.0.2, with an assertion failure in aacplusenc.c that could allow a crafted audio file to cause a denial of service (application crash). Connected sources confirm the same issue and note related 7603/7604 variants exist in the same library. No publ...