8153 matches found
CVE-2024-20038
CVE-2024-20038 affects the pq module (MediaTek-related references in connected documents) with an out-of-bounds read caused by an incorrect bounds check. This can lead to local information disclosure, requiring System execution privileges for exploitation and no user interaction. The vulnerabilit...
CVE-2024-20078
CVE-2024-20078 affects the venc component. The issue is a type-confusion–driven out-of-bounds write that can cause local escalation to System privileges; exploitation requires no user interaction. Remediation exists as Patch ID ALPS08737250 (MSV-1452). Several sources (NVD, Red Hat, CVE listings,...
CVE-2024-56190
CVE-2024-56190 affects the wl_update_hidden_ap_ie() function in wl_cfgscan.c, causing an out-of-bounds write due to improper input validation. This is described as enabling local privilege escalation with no extra privileges or user interaction required. Connected sources reiterate the same descr...
CVE-2025-31711
The CVE-2025-31711 entry concerns the cplog service, where a null pointer dereference can cause a system crash leading to local denial of service (no extra privileges required). Connections across sources (e.g., Red Hat advisory, UNISOC-related postings) reiterate the same impact and local exploi...
CVE-2011-2343
Technical details about CVE-2011-2343 are not publicly provided in the connected documents. Monitor for updates.
CVE-2014-9882
CVE-2014-9882 is a buffer overflow in drivers/media/radio/radio-iris.c within the Qualcomm component used on Android devices (notably Nexus 7 2013). Exploitation via a crafted application could allow an attacker to gain privileges on the device. Multiple connected sources corroborate this issue a...
CVE-2014-9929
CVE-2014-9929 refers to a Use of Out-of-range Pointer Offset vulnerability in WCDMA for Android CAF builds using the Linux kernel. Public entries describe the root cause as an out-of-range pointer offset (with at least one linked source labeling the issue as a Null pointer dereference). The vulne...
CVE-2015-3842
The CVE-2015-3842 entry describes multiple heap-based overflows in mediaserver’s AudioPolicyService (libeffects) on Android before 5.1.1 LMY48I. The underlying issue is heap corruption due to unchecked/buffer handling in the mediaserver component, enabling arbitrary code execution with remote/ cr...
CVE-2015-3849
CVE-2015-3849 affects Android before 5.1.1 LMY48M, where Region_createFromParcel in core/jni/android/graphics/Region.cpp does not check the return values of certain reads, enabling an attacker to execute arbitrary code by sending a crafted message to a service. The issue is described as an “eleva...
CVE-2015-6609
The CVE-2015-6609 issue concerns libutils in Android before 5.1.1 LMY48X and Android 6.0 before 2015-11-01. The root cause is memory corruption triggered by processing a crafted audio file, which could allow remote code execution or cause a denial of service. Affected products are described as An...
CVE-2015-6613
CVE-2015-6613 affects Android devices running versions prior to 5.1.1 LMY48X and before 2015-11-01 on 6.0. The issue allows a local attacker via Bluetooth to send commands to a debugging port and gain privileges (Signature or SignatureOrSystem) through a crafted app. The vulnerability is tied to ...
CVE-2015-6619
CVE-2015-6619 affects the Android kernel: elevation of privilege via a crafted app in the Linux-based kernel prior to Android 5.1.1 LMY48Z and 6.0 prior to 2015-12-01. The root cause is an internal bug (23520714) that could allow local attackers to execute arbitrary code with device root privileg...
CVE-2015-6623
CVE-2015-6623 is an Android Wi‑Fi elevation-of-privilege vulnerability affecting Android 6.0 and earlier builds before 2015-12-01. Exploitation could allow a crafted application to gain Signature or SignatureOrSystem access through the Wi‑Fi stack, as described in the Android bulletin’s entry for...
CVE-2015-6632
CVE-2015-6632 affects libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01, allowing remote attackers to obtain sensitive information and potentially bypass a protection mechanism by obtaining Signature or SignatureOrSystem access via unknown vectors. The issue is documented in...
CVE-2015-6633
The CVE-2015-6633 entry describes a memory corruption vulnerability in Android display drivers that can enable remote code execution or a denial of service when processing specially crafted media files. Affected products are Android versions prior to 5.1.1 LMY48Z and Android 6.0 prior to 2015-12-...
CVE-2015-7716
CVE-2015-7716 affects Android 5.x before 5.1.1 LMY48T, where the libstagefright media pipeline is vulnerable to memory corruption when processing a crafted media file. This can allow remote attackers to execute arbitrary code or cause a denial of service. The entry maps to internal bug 20721050 a...
CVE-2015-8506
The CVE-2015-8506 entry concerns Android mediaserver memory corruption via a crafted media file, allowing remote code execution or denial of service. Affected software: Android mediaserver prior to 5.1.1 LMY48Z and 6.0 prior to 2015-12-01. Root cause: memory corruption triggered by crafted media ...
CVE-2016-0829
The CVE-2016-0829 issue affects Android mediaserver and is triggered in the BnGraphicBufferProducer::onTransact path within libs/gui/IGraphicBufferConsumer.cpp. The root cause is failure to initialize a specific output data structure in Mediaserver, allowing an attacker to read leaked data and by...
CVE-2016-10346
CVE-2016-10346 describes an integer overflow in the hypervisor of Qualcomm closed‑source components used in Android CAF/Linux kernel. The vulnerability affects Qualcomm hypervisor code in Android devices, with root cause an integer overflow in the hypervisor. According to the provided data, the i...
CVE-2016-2454
The CVE-2016-2454 entry describes a denial-of-service vulnerability in the Qualcomm hardware video codec used by Android on Nexus 5 devices prior to 2016-05-01. A crafted media/file could trigger memory corruption in the mediaserver path and cause the device to reboot, allowing remote attackers t...
CVE-2016-5346
CVE-2016-5346 affects Google Pixel/Pixel XL via the Qualcomm Avtimer driver. It is a NULL pointer dereference when processing an accept() call on AF_MSM_IPC sockets in a user process, enabling a local attacker to disclose sensitive information. The available documents confirm local information di...
CVE-2016-6740
CVE-2016-6740 is an elevation-of-privilege vulnerability in the Qualcomm camera driver on Android, allowing a local malicious application to execute arbitrary code in the kernel context after bypassing a privileged process. The issue is triggered locally and requires interaction with a privileged...
CVE-2017-0331
CVE-2017-0331 (NVIDIA Tegra kernel driver, NVMAP): An elevation-of-privilege/DoS issue where untrusted data can change between validation and use, potentially allowing a local attacker to escalate privileges or cause kernel-state impact. Affected context references Android on kernel 3.10 and the ...
CVE-2017-0384
CVE-2017-0384 describes an elevation-of-privilege flaw in Android’s Audioserver, specifically in libeffects/src/lvm/wrapper/Bundle/EffectBundle.cpp, which could allow a local malicious app to run arbitrary code inside a privileged process. Affected products/versions include Android 4.4.4, 5.0.2, ...
CVE-2017-0387
CVE-2017-0387 affects Android MediaServer: elevation of privilege allowing a local malicious app to execute code in a privileged process. Affected: Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1 (Android ID A-32660278). Description in connected sources reiterates that MediaServer is the vuln...
CVE-2017-0391
CVE-2017-0391 is a DoS vulnerability in Mediaserver’s libhevc decoder (decoder/ihevcd_decode.c). A remote attacker could exploit a specially crafted Media file to trigger a device hang or reboot. The Android bulletin/summary specifies this issue under the Media/Mediaserver entry with a High impac...
CVE-2017-0408
CVE-2017-0408 describes a remote code execution vulnerability in libgdx used by Android 7.1.1, where a specially crafted file could cause arbitrary code execution in an unprivileged process. The issue is documented as high-severity (CVSS 3.0 base score 7.8) and is associated with the Android plat...
CVE-2017-0417
Technical details about CVE-2017-0417 are not provided in the supplied documents. No specific affected versions, exploit information, or fixes are disclosed here; monitor for updates from vendors and security bulletins.
CVE-2017-0434
CVE-2017-0434 affects the Synaptics touchscreen driver in the Android kernel (Kernel-3.18). It is an elevation of privilege vulnerability that could allow a local malicious application to execute arbitrary code within the context of the touchscreen chipset after compromising a privileged process....
CVE-2017-0444
CVE-2017-0444 is a local elevation-of-privilege issue in the Realtek sound driver affecting Android devices (kernel 3.10). Connected sources (e.g., CNVD, NVD entries) describe exploitation that allows a locally executed, malicious application to run code in the kernel context via the Realtek driv...
CVE-2017-0447
CVE-2017-0447 describes an elevation-of-privilege flaw in the HTC touchscreen driver that could allow a local malicious application to execute arbitrary code in the kernel context on Android devices. The vulnerability is tied to the Android kernel (Kernel-3.18) and affects Android devices leverag...
CVE-2017-0492
The CVE-2017-0492 entry describes a local elevation-of-privilege issue in Android's System UI that allows a malicious local app to create a UI overlay covering the entire screen. Affected product/version: Android System UI on Android 7.1.1. Root cause: bypass of user interaction requirements enab...
CVE-2017-0497
CVE-2017-0497 describes a denial-of-service vulnerability in Android's Mediaserver. A specially crafted file could cause a device hang or reboot on affected builds (Android 7.0 and 7.1.1). The issue is documented with moderate severity and an uncommon device configuration required for exploitatio...
CVE-2017-0542
CVE-2017-0542 is a remote code execution vulnerability in libavc within Android’s Mediaserver. According to connected documents, it affects Android 6.0, 6.0.1, 7.0, and 7.1.1, with the root cause described as memory corruption during media file and data processing when handling specially crafted ...
CVE-2017-0555
CVE-2017-0555 is an information disclosure flaw in Android’s Mediaserver libavc component. The vulnerability could allow a local malicious app to access data outside its permissions by exploiting Mediaserver during media processing. Affected: Android 6.0–7.1.1 (versions 6.0, 6.0.1, 7.0, 7.1.1). R...
CVE-2017-0597
CVE-2017-0597 (Audioserver elevation of privilege) affects Android where a local malicious app could execute code in the context of a privileged process via the Audioserver. Affected products/versions include Android 4.4.4 through 7.1.2. The root cause is a privilege-escalation vulnerability with...
CVE-2017-0603
CVE-2017-0603 describes a denial-of-service in libstagefright within Mediaserver on Android. A crafted media file could cause a device hang or reboot. Affected versions: Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Root cause: DoS condition in Mediaserver/libstagefright. Impact: Mo...
CVE-2017-0666
CVE-2017-0666 is an elevation-of-privilege issue in the Android framework affecting Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 (Android ID: A-37285689). The connected Nessus entry UNPATCHED_CVE_2017_0666.NASL confirms the vulnerability exists in Linux/Unix-hosted packages...
CVE-2017-0673
CVE-2017-0673 is a remote code execution vulnerability in Android’s media framework. The issue affects Android 6.0, 6.0.1, 7.0, 7.1.1 and 7.1.2, and (per the connected sources) arises from the media framework handling of crafted media content, enabling code execution in a privileged process. The ...
CVE-2017-0677
CVE-2017-0677 is a remote code execution vulnerability in the Android media framework affecting Android 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The CVE is listed with Android as the affected product and Android ID A-36035074. Public disclosures in connected sources confirm the issue as a media framewo...
CVE-2017-0693
CVE-2017-0693 refers to a DoS vulnerability in the Android media framework. Affected products/versions are Android 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The CNVD entry describes a denial-of-service condition in the Android media framework that an attacker could trigger remotely to cause a DoS. Publi...
CVE-2017-0725
CVE-2017-0725 is a Denial of Service in the Android media framework (libskia) affecting Android versions 7.0, 7.1.1, and 7.1.2. The vulnerability is tied to the libskia component used for graphics decoding in the Media framework. Exploit details are not provided in the documents beyond the DoS de...
CVE-2017-0732
CVE-2017-0732 is referenced in EulerOS security advisories as a vulnerability in OpenSSL/OpenSSL-based TLS key exchange. The connected Nessus/NASL entries describe that during TLS key exchange with a DH(E) cipher suite a server may send a very large prime, causing the client to hang while generat...
CVE-2017-0744
CVE-2017-0744 is detailed in connected documents as an Elevation of Privilege (EoP) affecting Google device sound drivers, with a Low severity patch in the August 2017 OTA. The vulnerability is tied to NVIDIA firmware processing per the NVD entry for Android kernel, while Android bulletin section...
CVE-2017-0772
CVE-2017-0772 is a DoS in Android's media framework libavc affecting Android 6.0–8.0. The NVD entry lists: vulnerable component libavc in Android; affected versions 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0; impact is Denial of Service with a CVSS v3.0 vector of AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (base...
CVE-2017-0773
CVE-2017-0773 is a DoS vulnerability in Android’s media framework (libhevc) affecting Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0. The issue is classified with LOCAL attack vector and HIGH availability impact per the NVD entry, with user interaction required for exploita...
CVE-2017-0791
CVE-2017-0791 is an elevation-of-privilege vulnerability affecting the Broadcom Wi‑Fi driver in Android (kernel). The entry states the issue enables privilege escalation but does not provide exploitation details, affected versions, or remediation steps within the supplied documents.
CVE-2017-0794
CVE-2017-0794 is an elevation of privilege vulnerability affecting the Upstream kernel SCSI driver in the Android kernel. The issue is a local vulnerability (CVSSv3: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) that could allow a local attacker to escalate privileges, requiring user interaction for explo...
CVE-2017-0800
CVE-2017-0800 is an elevation of privilege (EoP) vulnerability in MediaTek teei (TEE) within Android kernel, classified as High severity. The affected component is MediaTek teei (TEEI) and the vulnerability is documented under CVE-2017-0800 with MediaTek reference M-ALPS03302988. The Connected do...
CVE-2017-0802
CVE-2017-0802 is described in connected sources as a local elevation-of-privilege vulnerability in the MediaTek kernel used by Android. The MTK component table lists CVE-2017-0802 with type EoP and impact in the Kernel, indicating a privilege escalation path, but the documents do not provide conc...