Google Inc Android vulnerabilities
959 known vulnerabilities affecting google_inc/android.
Total CVEs: 959
CISA KEV: 0
Public exploits: 21
Exploited in wild: 0
Severity breakdown: CRITICAL 70, HIGH 617, MEDIUM 268, LOW 4
Vulnerabilities
Page 14 of 48
CVE-2017-13225 | HIGH | CVSS 7.8 | CWE-119 | Android kernel | 2018-01-12
In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38308024. References: M-ALPS03495789.
nvd
CVE-2017-13182 | HIGH | CVSS 7.8 | CWE-190 | v8.0, v8.1 | 2018-01-12
In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0,
nvd
CVE-2017-13217 | HIGH | CVSS 7.8 | CWE-787 | Android kernel | 2018-01-12
In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without verifying that it's null-terminated. This could lead to a secure boot bypass and a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitat
nvd
CVE-2017-13192 | HIGH | CVSS 7.5 | CWE-835 | v5.1.1, v6.0 +6 more | 2018-01-12
In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:
nvd
CVE-2017-13195 | HIGH | CVSS 7.5 | CWE-835 | v5.1.1, v6.0 +6 more | 2018-01-12
In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Pro
nvd
CVE-2017-13221 | HIGH | CVSS 7.8 | Android kernel | 2018-01-12
An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938.
nvd
CVE-2017-13212 | HIGH | CVSS 7.8 | v5.1.1, v6.0 +5 more | 2018-01-12
An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187985.
nvd
CVE-2017-13216 | HIGH | CVSS 7.8 | CWE-787 | PoC | Android kernel | 2018-01-12
In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Andr
nvd
CVE-2017-13211 | HIGH | CVSS 7.5 | CWE-400 | v8.0 | 2018-01-12
In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.
nvd
CVE-2017-13201 | HIGH | CVSS 7.5 | CWE-200 | v5.1.1, v6.0 +6 more | 2018-01-12
An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768.
nvd
CVE-2017-13183 | HIGH | CVSS 7.0 | CWE-362 | v8.1 | 2018-01-12
In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it's being used in another thread. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interac
nvd
CVE-2017-13191 | HIGH | CVSS 7.5 | CWE-835 | v5.1.1, v6.0 +6 more | 2018-01-12
In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete frame error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0,
nvd
CVE-2017-13193 | HIGH | CVSS 7.5 | CWE-835 | v5.1.1, v6.0 +6 more | 2018-01-12
In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versio
nvd
CVE-2017-13190 | HIGH | CVSS 7.5 | CWE-770 | v7.0, v7.1.1 +3 more | 2018-01-12
A vulnerability in the Android media framework (libhevc) related to handling ps_codec_obj memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68299873.
nvd
CVE-2017-13194 | HIGH | CVSS 7.5 | CWE-20 | v7.0, v7.1.1 +3 more | 2018-01-12
A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201.
nvd
CVE-2017-13181 | HIGH | CVSS 7.8 | CWE-415 | v7.0, v7.1.1 +3 more | 2018-01-12
In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to not NULLing out a freed pointer. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions
nvd
CVE-2017-13186 | HIGH | CVSS 7.5 | CWE-20 | v7.0, v7.1.1 +3 more | 2018-01-12
A vulnerability in the Android media framework (libavc) related to incorrect use of mmco parameters. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65735716.
nvd
CVE-2017-13200 | HIGH | CVSS 7.5 | CWE-200 | v7.0, v7.1.1 +3 more | 2018-01-12
An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526.
nvd
CVE-2017-13207 | HIGH | CVSS 7.5 | CWE-200 | v7.0, v7.1.1 +2 more | 2018-01-12
An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37564426.
nvd
CVE-2017-13180 | HIGH | CVSS 7.8 | CWE-416 | v6.0, v6.0.1 +5 more | 2018-01-12
In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the memory it's accessing. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution priv
nvd