Google Inc Android vulnerabilities

CVE-2017-0686 [MEDIUM] CWE-476 CVE-2017-0686: A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6 A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231231.

CVE-2017-0672 [MEDIUM] CWE-20 CVE-2017-0672: A denial of service vulnerability in the Android libraries. Product: Android. Versions: 7.0, 7.1.1, A denial of service vulnerability in the Android libraries. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-34778578.

CVE-2017-0668 [MEDIUM] CWE-200 CVE-2017-0668: A information disclosure vulnerability in the Android framework. Product: Android. Versions: 4.4.4, A information disclosure vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-22011579.

CVE-2017-0699 [MEDIUM] CWE-200 CVE-2017-0699: A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6 A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36490809.

CVE-2017-0696 [MEDIUM] CWE-20 CVE-2017-0696: A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6 A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207120.

CVE-2017-0695 [MEDIUM] CWE-787 CVE-2017-0695: A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37094889.

CVE-2017-0670 [MEDIUM] CVE-2017-0670: A denial of service vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1 A denial of service vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36104177.

CVE-2017-0637 [HIGH] CWE-119 CVE-2017-0637: A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a spe A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process.Product: Android. Versions: 5.0.2, 5.1.1, 6

CVE-2017-0648 [HIGH] CVE-2017-0648: An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious ap An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Ke

CVE-2017-0663 [HIGH] CWE-787 CVE-2017-0663: A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1,

CVE-2017-0636 [HIGH] CVE-2017-0636: An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local ma An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35310230. References: M-ALPS03162263.

CVE-2017-0649 [HIGH] CVE-2017-0649: An elevation of privilege vulnerability in the MediaTek sound driver could enable a local malicious An elevation of privilege vulnerability in the MediaTek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android.

CVE-2017-0638 [HIGH] CWE-787 CVE-2017-0638: A remote code execution vulnerability in System UI component could enable an attacker using a specia A remote code execution vulnerability in System UI component could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High because it is a remote arbitrary code execution in an unprivileged process. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36368

CVE-2017-0642 [MEDIUM] CVE-2017-0642: A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34819017.

CVE-2017-0645 [MEDIUM] CWE-200 CVE-2017-0645: An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to a An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35385327.

CVE-2017-0650 [MEDIUM] CWE-200 CVE-2017-0650: An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local mal An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35472278.

CVE-2017-0647 [MEDIUM] CWE-200 CVE-2017-0647: An information disclosure vulnerability in libziparchive could enable a local malicious application An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138.

CVE-2017-0640 [MEDIUM] CVE-2017-0640: A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33129467.

CVE-2017-0641 [MEDIUM] CWE-665 CVE-2017-0641: A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34360591.

CVE-2017-0646 [MEDIUM] CWE-200 CVE-2017-0646: An information disclosure vulnerability in Bluetooth component could enable a local malicious applic An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33899337.