Platform Frameworks Av vulnerabilities

CVE-2021-0520 CVE-2021-0520: In several functions of MemoryFileSystem In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0510 CVE-2021-0510: In decrypt_1_2 of CryptoPlugin In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0558 CVE-2021-0558: In fillMainDataBuf of pvmp3_framedecoder In fillMainDataBuf of pvmp3_framedecoder.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2021-0557 CVE-2021-0557: In setRange of ABuffer In setRange of ABuffer.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2021-0508 CVE-2021-0508: In various functions of DrmPlugin In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0563 CVE-2021-0563: In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0559 CVE-2021-0559: In Lag_max of p_ol_wgh In Lag_max of p_ol_wgh.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2021-0484 CVE-2021-0484: In readVector of IMediaPlayer In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0482 CVE-2021-0482: In BinderDiedCallback of MediaCodec In BinderDiedCallback of MediaCodec.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0471 CVE-2021-0471: In decrypt_1_2 of CryptoPlugin In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0437 CVE-2021-0437: In setPlayPolicy of DrmPlugin In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0436 CVE-2021-0436: In CryptoPlugin::decrypt of CryptoPlugin In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds read due to integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2021-0335 CVE-2021-0335: In process of C2SoftHevcDec In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2021-0312 CVE-2021-0312: In WAVSource::read of WAVExtractor In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2021-0311 CVE-2021-0311: In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2020-0411 CVE-2020-0411: In ~AACExtractor() of AACExtractor In ~AACExtractor() of AACExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2020-0414 CVE-2020-0414: In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2020-0245 CVE-2020-0245: In DecodeFrameCombinedMode of combined_decode In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2020-0393 CVE-2020-0393: In decrypt and decrypt_1_2 of CryptoPlugin In decrypt and decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2020-0241 CVE-2020-0241: In NuPlayerStreamListener of NuPlayerStreamListener In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.