Google Inc Android vulnerabilities

CVE-2017-13204 [CRITICAL] CWE-200 CVE-2017-13204: An information disclosure vulnerability in the Android media framework (libavc). Product: Android. V An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380237.

CVE-2017-13197 [HIGH] CWE-119 CVE-2017-13197: In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error. This could In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64784973.

CVE-2017-13226 [HIGH] CVE-2017-13226: An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android ker An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android kernel. Android ID: A-32591194. References: M-ALPS03149184.

CVE-2017-13198 [HIGH] CWE-20 CVE-2017-13198: A vulnerability in the Android media framework (ex) related to composition of frames lacking a color A vulnerability in the Android media framework (ex) related to composition of frames lacking a color map. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399117.

CVE-2017-13176 [HIGH] CWE-20 CVE-2017-13176: In the parseURL function of URLStreamHandler, there is improper input validation of the host field. In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7

CVE-2017-13213 [HIGH] CVE-2017-13213: An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: A An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-63374465. References: B-V2017081501.

CVE-2017-13199 [HIGH] CWE-755 CVE-2017-13199: In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a jav In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a java.io.IOException later on. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-33

CVE-2017-13202 [HIGH] CWE-200 CVE-2017-13202: An information disclosure vulnerability in the Android media framework (libeffects). Product: Androi An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67647856.

CVE-2017-13222 [HIGH] CWE-200 CVE-2017-13222: An information disclosure vulnerability in the Upstream kernel kernel. Product: Android. Versions: A An information disclosure vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-38159576.

CVE-2017-13220 [HIGH] CWE-843 CVE-2017-13220: An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: An An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.

CVE-2017-0869 [HIGH] CWE-190 CVE-2017-0869: NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and poss NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869.

CVE-2017-13219 [HIGH] CVE-2017-13219: A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product: A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product: Android. Versions: Android kernel. Android ID: A-62800865.

CVE-2017-13210 [HIGH] CWE-787 CVE-2017-13210: In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write if metadataSize is too small. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5

CVE-2017-13214 [HIGH] CWE-20 CVE-2017-13214: In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38495900.

CVE-2017-13196 [HIGH] CWE-772 CVE-2017-13196: In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could l In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7

CVE-2017-13189 [HIGH] CWE-770 CVE-2017-13189: A vulnerability in the Android media framework (libavc) related to handling dec_hdl memory allocatio A vulnerability in the Android media framework (libavc) related to handling dec_hdl memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68300072.

CVE-2017-13215 [HIGH] CVE-2017-13215: A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel.

CVE-2017-0855 [HIGH] CWE-772 CVE-2017-0855: In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up int In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.

CVE-2017-13206 [HIGH] CWE-200 CVE-2017-13206: An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. V An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65025048.

CVE-2017-0846 [HIGH] CWE-200 CVE-2017-0846: An information disclosure vulnerability in the Android framework (clipboardservice). Product: Androi An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810.