decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before 2016-07-01 allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted application, aka internal bug 28168413.
7.7CVSS
7.1AI Score
0.001EPSS
MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not check whether memory allocation succeeds, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file...
7.5CVSS
7AI Score
0.003EPSS
The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28169363 and MediaTek internal bug ALPS02689526.
7.8CVSS
7.5AI Score
0.001EPSS
The Qualcomm performance component in Android before 2016-07-05 on Nexus 5, 6, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28172137 and Qualcomm internal bug CR1010644.
7.8CVSS
7.5AI Score
0.001EPSS
The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28376656.
7.8CVSS
7.5AI Score
0.001EPSS
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28346752 and MediaTek internal bug ALPS02703102.
7.8CVSS
7.5AI Score
0.001EPSS
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29007611 and MediaTek internal bug ALPS02703102.
7.8CVSS
7.5AI Score
0.001EPSS
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008188 and MediaTek internal bug ALPS02703102.
7.8CVSS
7.5AI Score
0.001EPSS
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008363 and MediaTek internal bug ALPS02703102.
7.8CVSS
7.5AI Score
0.001EPSS
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008609 and MediaTek internal bug ALPS02703102.
7.8CVSS
7.5AI Score
0.001EPSS
The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X, Nexus 6, Nexus 6P, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28588279.
7.8CVSS
7.3AI Score
0.001EPSS
CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles userspace data copying, which allows attackers to gain privileges via a crafted application, aka Android internal bug 27725204 and Qualcomm internal bug CR561022.
7.8CVSS
7.5AI Score
0.001EPSS
The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026625.
7.8CVSS
7.4AI Score
0.001EPSS
The MediaTek power driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085222 and MediaTek internal bug ALPS02677244.
7.8CVSS
7.5AI Score
0.001EPSS
The MediaTek power driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29008443 and MediaTek internal bug ALPS02677244.
7.8CVSS
7.5AI Score
0.001EPSS
The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085680 and Qualcomm internal bug CR1001450.
7.8CVSS
7.5AI Score
0.001EPSS
The MediaTek hardware sensor driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174490 and MediaTek internal bug ALPS02703105.
7.8CVSS
7.5AI Score
0.001EPSS
The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175025 and MediaTek internal bug ALPS02693738.
7.8CVSS
7.5AI Score
0.001EPSS
The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175027 and MediaTek internal bug ALPS02693739.
7.8CVSS
7.5AI Score
0.001EPSS
The MediaTek GPS driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174914 and MediaTek internal bug ALPS02688853.
7.8CVSS
7.5AI Score
0.001EPSS
The kernel filesystem implementation in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28271368.
7.8CVSS
7.4AI Score
0.001EPSS
The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28588434.
7.8CVSS
7.4AI Score
0.001EPSS
The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28332766 and MediaTek internal bug ALPS02694410.
7.8CVSS
7.5AI Score
0.001EPSS
The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28333002 and MediaTek internal bug ALPS02694412.
7.8CVSS
7.5AI Score
0.001EPSS
The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28402341 and MediaTek internal bug ALPS02715341.
7.8CVSS
7.5AI Score
0.001EPSS
The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196.
7.8CVSS
7.5AI Score
0.001EPSS
The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009.
7.8CVSS
7.5AI Score
0.001EPSS
The networking component in Android before 2016-07-05 on Android One, Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 27532522.
5.5CVSS
5.7AI Score
0.001EPSS
The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28175522 and MediaTek internal bug ALPS02694389.
5.5CVSS
5.5AI Score
0.001EPSS
The kernel video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28447556.
7.8CVSS
7.3AI Score
0.001EPSS
The MediaTek video codec driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28174833 and MediaTek internal bug ALPS02688832.
5.5CVSS
5.5AI Score
0.001EPSS
The Qualcomm USB driver in Android before 2016-07-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28172322 and Qualcomm internal bug CR1010222.
5.5CVSS
5.5AI Score
0.001EPSS
The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28193342.
5.5CVSS
5.4AI Score
0.001EPSS
The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28522274.
5.5CVSS
5.4AI Score
0.001EPSS
The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28402240.
5.5CVSS
5.5AI Score
0.001EPSS
libc in Android 4.x before 4.4.4 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28740702.
5.5CVSS
5.7AI Score
0.001EPSS
Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafte...
9.8CVSS
8.9AI Score
0.007EPSS
The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28673410.
9.8CVSS
8.8AI Score
0.005EPSS
libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory corruption) via a craft...
9.8CVSS
8.8AI Score
0.005EPSS
exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 288...
7.8CVSS
6.7AI Score
0.005EPSS
The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329.
7.8CVSS
7.5AI Score
0.001EPSS
omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug 28816827.
7.8CVSS
7.5AI Score
0.001EPSS
mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964.
7.8CVSS
7.5AI Score
0.001EPSS
services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted application, aka internal bug ...
7.8CVSS
7.5AI Score
0.001EPSS
codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956.
5.5CVSS
5.7AI Score
0.002EPSS
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28835995.
5.5CVSS
5.7AI Score
0.002EPSS
The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29023649.
5.5CVSS
5.7AI Score
0.002EPSS
codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug 29153599.
5.5CVSS
5.8AI Score
0.002EPSS
The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka internal bug 29083635, ...
7.5CVSS
7.1AI Score
0.003EPSS
The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application, aka internal bug 287...
7.8CVSS
7.3AI Score
0.001EPSS