Google Inc Android vulnerabilities

CVE-2017-13204 [CRITICAL] CWE-200 CVE-2017-13204: An information disclosure vulnerability in the Android media framework (libavc). Product: Android. V An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380237.

CVE-2017-13222 [HIGH] CWE-200 CVE-2017-13222: An information disclosure vulnerability in the Upstream kernel kernel. Product: Android. Versions: A An information disclosure vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-38159576.

CVE-2017-13197 [HIGH] CWE-119 CVE-2017-13197: In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error. This could In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64784973.

CVE-2017-13210 [HIGH] CWE-787 CVE-2017-13210: In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write if metadataSize is too small. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5

CVE-2017-13211 [HIGH] CWE-400 CVE-2017-13211: In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.

CVE-2017-13226 [HIGH] CVE-2017-13226: An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android ker An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android kernel. Android ID: A-32591194. References: M-ALPS03149184.

CVE-2017-13198 [HIGH] CWE-20 CVE-2017-13198: A vulnerability in the Android media framework (ex) related to composition of frames lacking a color A vulnerability in the Android media framework (ex) related to composition of frames lacking a color map. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399117.

CVE-2017-13176 [HIGH] CWE-20 CVE-2017-13176: In the parseURL function of URLStreamHandler, there is improper input validation of the host field. In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7

CVE-2017-13192 [HIGH] CWE-835 CVE-2017-13192: In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero aft In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:

CVE-2017-13225 [HIGH] CWE-119 CVE-2017-13225: In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38308024. References: M-ALPS03495789.

CVE-2017-0846 [HIGH] CWE-200 CVE-2017-0846: An information disclosure vulnerability in the Android framework (clipboardservice). Product: Androi An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810.

CVE-2017-13213 [HIGH] CVE-2017-13213: An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: A An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-63374465. References: B-V2017081501.

CVE-2017-13199 [HIGH] CWE-755 CVE-2017-13199: In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a jav In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a java.io.IOException later on. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-33

CVE-2017-13195 [HIGH] CWE-835 CVE-2017-13195: In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negati In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Pro

CVE-2017-13221 [HIGH] CVE-2017-13221: An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versio An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938.

CVE-2017-13202 [HIGH] CWE-200 CVE-2017-13202: An information disclosure vulnerability in the Android media framework (libeffects). Product: Androi An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67647856.

CVE-2017-13193 [HIGH] CWE-835 CVE-2017-13193: In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resoluti In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versio

CVE-2017-13182 [HIGH] CWE-190 CVE-2017-13182: In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0,

CVE-2017-13220 [HIGH] CWE-843 CVE-2017-13220: An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: An An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.

CVE-2017-13206 [HIGH] CWE-200 CVE-2017-13206: An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. V An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65025048.