CVE-2017-13187
https://notcve.org/view.php?id=CVE-2017-13187
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65034175. • https://android.googlesource.com/platform/external/libhevc/+/7c9be319a279654e55a6d757265f88c61a16a4d5 https://source.android.com/security/bulletin/pixel/2018-01-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-13200
https://notcve.org/view.php?id=CVE-2017-13200
An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526. • https://android.googlesource.com/platform/frameworks/av/+/dd3ca4d6b81a9ae2ddf358b7b93d2f8c010921f5 https://source.android.com/security/bulletin/pixel/2018-01-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-13193
https://notcve.org/view.php?id=CVE-2017-13193
In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • http://www.securityfocus.com/bid/102414 http://www.securitytracker.com/id/1040106 https://source.android.com/security/bulletin/2018-01-01 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2017-0855
https://notcve.org/view.php?id=CVE-2017-0855
In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. • http://www.securityfocus.com/bid/102414 http://www.securitytracker.com/id/1040106 https://source.android.com/security/bulletin/2018-01-01 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2017-13177
https://notcve.org/view.php?id=CVE-2017-13177
In several functions of libhevc, NEON registers are not preserved. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • http://www.securityfocus.com/bid/102414 http://www.securitytracker.com/id/1040106 https://source.android.com/security/bulletin/2018-01-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •