Security Advisory - Multiple Vulnerabilities in MTK Platform

There are two buffer overflow vulnerabilities and one arbitrary memory write vulnerability in the camera driver of MTK platform in some Huawei smart phones. Due to the insufficient input verification, an attacker tricks a user into installing a malicious application which has special privilege an...

Design/Logic Flaw

An invalid memory write was discovered in copymp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service segmentation fault and application crash or possibly unspecified other impact...

DEBIAN-CVE-2017-14412

An invalid memory write was discovered in copymp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service segmentation fault and application crash or possibly unspecified other impact...

CVE-2017-14412

An invalid memory write was discovered in copymp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service segmentation fault and application crash or possibly unspecified other impact...

CVE-2017-14412

An invalid memory write was discovered in copymp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service segmentation fault and application crash or possibly unspecified other impact...

CVE-2017-14412

An invalid memory write was discovered in copymp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service segmentation fault and application crash or possibly unspecified other impact...

CVE-2017-14412

CVE-2017-14412 affects MP3Gain 1.5.2, where an invalid memory write in copy_mp (interface.c) of mpglibDBL can cause a denial of service via segmentation fault/application crash (and possibly other impact). Connected sources corroborate the issue in mpglibDBL and detail the vulnerability as part o...

CVE-2017-14412

An invalid memory write was discovered in copymp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service segmentation fault and application crash or possibly unspecified other impact...

UBUNTU-CVE-2017-14258

In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h file contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file...

CVE-2017-14181

DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service invalid memory write, SEGV on unknown address 0x000000000030, and application crash or possibly have unspecified other impact via a crafted .wav file, aka a NULL pointer...

CVE-2017-12953

The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service invalid memory write and application crash via a crafted gig file...

DEBIAN-CVE-2017-12953

The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service invalid memory write and application crash via a crafted gig file...

CVE-2017-12953

The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service invalid memory write and application crash via a crafted gig file...

CVE-2017-12953

The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service invalid memory write and application crash via a crafted gig file...

Huawei Cell Phone Write Arbitrary Memory Vulnerability

Huawei P10 and P10 Plus are both smartphone products from Chinese company Huawei Huawei. A write-anywhere memory vulnerability exists in the Bootloader of the Huawei P10 and P10 Plus due to a lack of parameter checking. An attacker who has gained root access to the Android system can trick the us...

Security Advisory - Arbitrary Memory Write Vulnerability in Some Huawei Smart Phones

The boot loaders of some Huawei mobile phones have a arbitrary memory write vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause arbitrary memory...

CVE-2017-8271

CVE-2017-8271 describes an out-of-bounds memory write in the MDSS Rotator driver used by Qualcomm components on Android CAF builds using the Linux kernel. The issue arises from an unsanitized userspace-controlled parameter, enabling a local attacker to cause memory corruption. The CVSS indicates ...

CVE-2017-8271

Out of bound memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernel by an unsanitized userspace-controlled parameter...

CVE-2017-11330

The DivFixppCore::aviheaderfix function in DivFix++Core.cpp in DivFix++ v0.34 allows remote attackers to cause a denial of service invalid memory write and application crash via a crafted avi file...

CVE-2017-11330

The DivFixppCore::aviheaderfix function in DivFix++Core.cpp in DivFix++ v0.34 allows remote attackers to cause a denial of service invalid memory write and application crash via a crafted avi file...