CVE-2013-4736
published 2014-02-10CVE-2013-4736: Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC)…
PriorityP433high7.8CVSS 2.0
AVNACLAuNCNINAC
EPSS
1.33%
67.5th percentile
Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (system crash) via a large number of commands in an ioctl call, related to (1) camera_v1/gemini/msm_gemini_sync.c, (2) camera_v2/gemini/msm_gemini_sync.c, (3) camera_v2/jpeg_10/msm_jpeg_sync.c, (4) gemini/msm_gemini_sync.c, (5) jpeg_10/msm_jpeg_sync.c, and (6) mercury/msm_mercury_sync.c.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
CVSS provenance
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
osv7.8HIGH
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q6gr-v6x2-63wj: Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2
ghsa_unreviewed·2022-05-17
CVE-2013-4736 [HIGH] GHSA-q6gr-v6x2-63wj: Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2
Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (system crash) via a large number of commands in an ioctl call, related to (1) camera_v1/gemini/msm_gemini_sync.c, (2) camera_v2/gemini/msm_gemini_sync.c, (3) camera_v2/jpeg_10/msm_jpeg_sync.c, (4) gemini/msm_gemini_sync.c, (5) jpeg_10/msm_jpeg_sync.c, and (6) mercury/msm_mercury_sync.c.
OSV
CVE-2013-4736: Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2
osv·2014-02-10·CVSS 7.8
CVE-2013-4736 [HIGH] CVE-2013-4736: Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2
Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (system crash) via a large number of commands in an ioctl call, related to (1) camera_v1/gemini/msm_gemini_sync.c, (2) camera_v2/gemini/msm_gemini_sync.c, (3) camera_v2/jpeg_10/msm_jpeg_sync.c, (4) gemini/msm_gemini_sync.c, (5) jpeg_10/msm_jpeg_sync.c, and (6) mercury/msm_mercury_sync.c.
Red Hat
CVE-2013-4736: Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2
vendor_redhat·CVSS 7.8
CVE-2013-4736 [HIGH] CVE-2013-4736: Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2
Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (system crash) via a large number of commands in an ioctl call, related to (1) camera_v1/gemini/msm_gemini_sync.c, (2) camera_v2/gemini/msm_gemini_sync.c, (3) camera_v2/jpeg_10/msm_jpeg_sync.c, (4) gemini/msm_gemini_sync.c, (5) jpeg_10/msm_jpeg_sync.c, and (6) mercury/msm_mercury_sync.c.
Statement: Not vulnerable. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.
No detection rules found.
No public exploits indexed.
2014-02-10
Published