8153 matches found
CVE-2025-32318
CVE-2025-32318: A heap buffer overflow in Skia can cause an out-of-bounds write, enabling remote elevation of privilege with no user interaction. CVSSv3.1: 8.8 (Network, Low evidence required, Privileges Low, Confidentiality/Integrity/Availability High). Android 16 security notes classify this en...
CVE-2011-3975
CVE-2011-3975 involves an HTC update for Android 2.3.4 (build GRJ22) used with Sense on HTC EVO 3D, EVO 4G, ThunderBolt, and other devices. The HtcLoggers.apk component is exposed via android.permission.INTERNET and can be leveraged by user-assisted remote attackers to extract sensitive data, inc...
CVE-2013-3666
CVE-2013-3666 affects LG’s Hidden Menu component on Android for the LG Optimus G E973. The vulnerability allows physically proximate attackers to execute shell commands by entering USB Debugging mode and using adb to establish a USB connection, dialing 3845#*973#, navigating to WLAN Test > Wi‑...
CVE-2013-6272
The CVE-2013-6272 issue affects Google Android 4.1.1–4.4.2, involving the NotificationBroadcastReceiver in the com.android.phone process. The underlying flaw lets a crafted app bypass access restrictions to initiate calls, dial USSD/MMI codes, or hang up calls. Reported exploitation shows potenti...
CVE-2014-3100
The CVE-2014-3100 issue is a stack-based buffer overflow in Android 4.3’s KeyStore service (encode_key in /system/bin/keystore) that allows arbitrary code execution and may leak sensitive key information or bypass cryptographic operation restrictions when handling an overly long key name. The vul...
CVE-2014-9780
The CVE-2014-9780 issue affects the Qualcomm mdp3_ctrl.c driver in Android before 2016-07-05 on Nexus 5, 5X, and 6P. It does not validate start and length values, enabling local privilege escalation via a crafted app. Root cause: improper input validation in the MDSS hardware block. Impact stated...
CVE-2014-9972
CVE-2014-9972 affects Qualcomm products used in Android devices that run CAF Android builds with the Linux kernel. The issue arises when assertions are disabled, which can lead to a NULL pointer dereference during an out-of-memory condition. The description in the provided documents attributes th...
CVE-2015-3823
CVE-2015-3823 concerns libstagefright in Android versions before 5.1.1 LMY48T. A crafted media file can cause memory corruption in mediaserver, enabling remote code execution or a denial of service. The NVD description notes remote code execution and memory corruption via specially crafted files ...
CVE-2015-3870
CVE-2015-3870 affects Android’s libstagefright prior to 5.1.1 LMY48T. In these builds, processing a specially crafted media file could allow a remote attacker to execute arbitrary code or cause a denial of service via memory corruption in the mediaserver. The vulnerability stems from libstagefrig...
CVE-2015-3873
CVE-2015-3873 affects libstagefright in Android versions before 5.1.1 LMY48T. The issue is a memory corruption vulnerability in libstagefright triggered by processing a crafted media file, enabling remote code execution or a denial of service. The description references multiple internal bug IDs ...
CVE-2015-6596
Technical details for CVE-2015-6596 are not publicly provided in the connected documents. The initial entry notes privileges via crafted apps in Android before 5.1.1, but no vendor/version-specific technical details, fixes, or exploitation information are included here. Monitor for updates.
CVE-2015-6621
CVE-2015-6621 affects Android SystemUI on 5.x prior to 5.1.1 LMY48Z and 6.0 prior to 2015-12-01. A crafted app can escalate privileges to Signature/SignatureOrSystem due to the SystemUI bug 23909438. The vulnerability is documented across NVD/CVE lists and is addressed by the December 2015 Androi...
CVE-2015-8074
CVE-2015-8074 affects Android mediaserver prior to 5.1.1 LMY48X. The vulnerability allows remote attackers to obtain sensitive information and bypass an unspecified protection mechanism via unknown vectors, tied to internal bugs 23540907 and 23515142. This entry is distinguished from CVE-2015-661...
CVE-2015-8995
CVE-2015-8995 describes an integer overflow vulnerability in TrustZone that could affect all Android releases from CAF using the Linux kernel. The connected NVD entry attributes this to the TrustZone component, noting potential impacts to confidentiality, integrity, and availability (CVSS base me...
CVE-2016-0806
The CVE-2016-0806 issue affects the Qualcomm Wi‑Fi driver in the Android kernel, enabling local privilege escalation via a crafted application. Affected platforms include Android 4.x up to 4.4.4, 5.x up to 5.1.1 LMY49G, and 6.x prior to 2016-02-01. The root cause is the Qualcomm Wi‑Fi driver’s ha...
CVE-2016-0816
The CVE-2016-0816 issue affects mediaserver on Android 6.x (before March 1, 2016). The vulnerability allows remote code execution or memory corruption via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c (internal bug 25928803). Affects the Mediaser...
CVE-2016-10391
CVE-2016-10391 affects Qualcomm Wconnect in Android CAF builds using the Linux kernel. The root cause is insufficient validation of HCI command length, enabling a remote attacker to trigger unauthorized operations. CVSSv3 is reported as 9.8 (CRITICAL). The issue is discussed in multiple sources; ...
CVE-2016-2468
CVE-2016-2468 affects the Qualcomm GPU driver in Android prior to 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7. A local attacker could gain privileges by exploiting a vulnerability in the GPU driver via a crafted application (internal bug 27475454). The issue is categorized as Elevation of Privilege w...
CVE-2016-2485
CVE-2016-2485 affects Android 4.x/5.x/6.x where libstagefright in mediaserver fails to validate OMX buffer sizes for GSM and G711 codecs, enabling privilege escalation via a crafted app (Signature or SignatureOrSystem). Affected Android versions include 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x...
CVE-2016-3758
CVE-2016-3758 affects Android’s DexClassLoader (libdex/OptInvocation.cpp). The issue is described as multiple buffer overflows that allow attackers to gain privileges via a crafted application providing a long filename. Affected are Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1...
CVE-2016-3852
The CVE-2016-3852 entry describes an information-disclosure vulnerability in the MediaTek Wi‑Fi driver on Android One devices prior to the 2016-08-05 patch. The issue arises in the MediaTek Wi‑Fi driver (Android/Open Android bug 29141147; MediaTek ALPS02751738) and could allow a crafted applicati...
CVE-2016-8447
CVE-2016-8447 describes an elevation-of-privilege vulnerability in MediaTek components (thermal and video drivers) that could allow a locally running malicious app to execute arbitrary code in the kernel context on Android. The issue requires compromising a privileged process to exploit, and is r...
CVE-2016-8480
CVE-2016-8480 is an elevation-of-privilege issue in the Qualcomm Secure Execution Environment Communicator driver on Android. It could allow a local malicious application to execute arbitrary code in the kernel context after compromising a privileged process. Affected components/conditions: Andro...
CVE-2017-0416
CVE-2017-0416 affects Android: an elevation of privilege in the Audioserver could allow a local malicious app to execute arbitrary code in the context of a privileged process. Affected software is Android, with versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The description documents th...
CVE-2017-0442
CVE-2017-0442 describes an elevation-of-privilege in the Qualcomm Wi‑Fi driver on Android, allowing a local malicious app to execute arbitrary code in the kernel context. The vulnerability, affecting Android devices with Qualcomm Wi‑Fi components, is mitigated by requiring compromise of a privile...
CVE-2017-0450
CVE-2017-0450 describes an elevation-of-privilege vulnerability in Android’s Audioserver that could allow a local malicious application to execute arbitrary code within the context of a privileged process. Root cause is a privilege escalation in Audioserver; impact is local code execution in a pr...
CVE-2017-0473
CVE-2017-0473 detail (Android/Mediaserver) : A remote code execution vulnerability exists in Mediaserver where a attacker can exploit a memory corruption during media file and data processing by sending a specially crafted file. Affected products/versions: Android 6.0, 6.0.1, 7.0, 7.1.1. CVSSv3 b...
CVE-2017-0479
CVE-2017-0479 describes an elevation of privilege vulnerability in the Android Audioserver. A local malicious app could execute arbitrary code in the context of a privileged process. Affected software: Android, with listed versions including 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The ro...
CVE-2017-0484
The CVE-2017-0484 entry concerns a denial-of-service in Mediaserver on Android. The issue allows a specially crafted file to cause a device hang or reboot. Affected products/versions are Android 6.0, 6.0.1, 7.0, and 7.1.1 (Android ID A-33298089). The vulnerability arises from how Mediaserver hand...
CVE-2017-0498
CVE-2017-0498 describes a denial-of-service condition in Android Setup Wizard that could let a local attacker force a Google account sign-in after a factory reset. Affected versions include Android 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The vulnerability is local in scope, with no exploitation detail...
CVE-2017-0504
CVE-2017-0504 is an elevation-of-privilege vulnerability in MediaTek components used by Android, including the M4U, sound, touchscreen, GPU, and Command Queue drivers. The flaw could let a local malicious app execute arbitrary code within the kernel, potentially leading to a permanent device comp...
CVE-2017-0591
CVE-2017-0591 is a remote code execution vulnerability in libavc used by Android Mediaserver. A specially crafted media file could trigger memory corruption during media file and data processing, allowing an attacker to run code in the Mediaserver context. Affected products/versions include Andro...
CVE-2017-0598
CVE-2017-0598 is an information-disclosure vulnerability in Android’s Framework APIs. The flaw could allow a local malicious application to bypass OS data isolation protections and access data from other apps. Affected products/versions, per authoritative sources, include Android 4.4.4 through 7....
CVE-2017-0602
CVE-2017-0602 describes an information-disclosure vulnerability in Bluetooth on Android that could let a local malicious app bypass OS protections that isolate app data. Affected versions span Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The vulnerability is categorized as Mode...
CVE-2017-0643
CVE-2017-0643 describes a remote denial-of-service vulnerability in Android’s Media framework (Mediaserver). The issue could be triggered by processing a specially crafted media file, leading to a device hang or reboot. Affected products/versions include Android 5.0.2, 5.1.1, 6.0/6.0.1, 7.0, and ...
CVE-2017-0685
CVE-2017-0685 is a DoS in the Android media framework affecting Android 6.0/6.0.1/7.0/7.1.1/7.1.2. The connected CNVD entry notes a DoS via the media framework with an infinite loop attack vector; no root-cause or patch details are provided in the supplied documents.
CVE-2017-0691
CVE-2017-0691 is a denial-of-service vulnerability in the Android media framework affecting Android 7.0, 7.1.1 and 7.1.2 (Android ID A-36724453). The NVD CVSS data lists a medium severity (CVSSv2: 4.3; AV:N/AC:M/Au:N/I:N/C:N/A:P) and a CVSSv3 score of 5.5 (LOCAL, UI required, high availability im...
CVE-2017-0694
CVE-2017-0694 is a denial-of-service vulnerability in the Android media framework. Affected products: Android devices running versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. The vulnerability is classified as DoS (no details on exploit vectors provided in the initial documents). The ...
CVE-2017-0703
The CVE-2017-0703 entry describes an Elevation of Privilege vulnerability in Android System UI affecting Android 4.4.4 through 7.1.2. Root cause: a flaw in System UI that could allow a local attacker to escalate privileges. Impact as documented: HIGH for confidentiality, integrity, and availabili...
CVE-2017-0715
CVE-2017-0715 is a remote code execution vulnerability in Android’s media framework (libavc). Affected products/versions per the provided documents include Android 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The issue is described as RCE within the media framework libavc and is listed under the Android Se...
CVE-2017-0729
CVE-2017-0729 is an Elevation of Privilege in Android’s media framework mediadrmserver. The vulnerability affects Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2, enabling a remote attacker to execute arbitrary code with elevated privileges within a privileged context via mediadr...
CVE-2017-0734
CVE-2017-0734 is a DoS in the Android media framework libavc affecting Android 6.0–7.1.x. The vulnerability is described as a denial of service vulnerability in the media framework, but the provided documents do not specify root cause details, affected subcomponents beyond libavc, exploit vectors...
CVE-2017-0767
CVE-2017-0767 is an Elevation of Privilege vulnerability in Android’s media framework (libeffects) affecting Android versions 4.4.4 through 7.1.2. The issue is described as an EoP in the media stack, enabling a local attacker to execute code with elevated privileges within a privileged process. T...
CVE-2017-0779
CVE-2017-0779 is an information-disclosure vulnerability in Android’s media framework (audioflinger) affecting Android versions 4.4.4, 5.0.2, 5.1.1, 6.0–6.0.1, 7.0, 7.1.1, 7.1.2 (Android ID A-38340117). Public details come from NVD: CVSS2 vector AV:N/AC:M/Au:N/C:P/I:N/A:N (base 4.3) and CVSS3 vec...
CVE-2017-0799
CVE-2017-0799 is a MediaTek-related elevation-of-privilege vulnerability affecting the MediaTek lastbus within the Android kernel. The issue is described as an EoP in the lastbus component, enabling a local attacker to potentially gain higher privileges. The vulnerability is associated with Media...
CVE-2017-0845
CVE-2017-0845 is a denial-of-service vulnerability in the Android framework’s syncstorageengine. The issue affects Android devices running versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The vulnerability is categorized as DoS with network attack vector and authorship requires no user i...
CVE-2017-0846
CVE-2017-0846 is an information-disclosure vulnerability in the Android framework component clipboardservice. Affected Android versions include 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0. The Pixel/Nexus bulletin indicates a security patch level of 2018-01-05 (AOSP updates) addresses this issu...
CVE-2017-0858
CVE-2017-0858 is a DoS vulnerability in the Android media framework affecting Pixel/Nexus devices. The Pixel security bulletin groups the issue under Media framework with NSI classification and lists affected AOSP versions 7.0, 7.1.1, 7.1.2, and 8.0. The vulnerability is described as part of a br...
CVE-2017-0872
CVE-2017-0872 is a remote code execution in Android's media framework (libskia). Affected products/versions per the Android bulletin and NVD: Android 7.0, 7.1.1, 7.1.2, 8.0. The root cause is a vulnerability in the media framework codecs (libskia, libmpeg2, libhevc, libavc) that could allow a cra...
CVE-2017-10709
CVE-2017-10709 affects Elephone P9000 devices running Android 6.0. The lockscreen can be bypassed to defeat the wrong-PIN lockout by pressing backspace after each PIN guess, using physical proximity as the attack vector. Documented impact indicates confidentiality, integrity, and availability may...