CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 3CVE-2017-13253 – Android DRM Services - Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-13253
15 Mar 2018 — In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. • https://packetstorm.news/files/id/146822 • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2017-13233
https://notcve.org/view.php?id=CVE-2017-13233
12 Feb 2018 — In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. This could lead to a remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • http://www.securityfocus.com/bid/102976 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2017-13234
https://notcve.org/view.php?id=CVE-2017-13234
12 Feb 2018 — In DLSParser of the sonivox library, there is possible resource exhaustion due to a memory leak. This could lead to remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • http://www.securityfocus.com/bid/102976 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13228
https://notcve.org/view.php?id=CVE-2017-13228
12 Feb 2018 — In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • http://www.securityfocus.com/bid/102976 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0CVE-2017-13229
https://notcve.org/view.php?id=CVE-2017-13229
12 Feb 2018 — A remote code execution vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68160703. Existe una vulnerabilidad de ejecución remota de código en el media framework de Android (n/a). • http://www.securityfocus.com/bid/103016 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 1%CPEs: 8EXPL: 0CVE-2017-13230
https://notcve.org/view.php?id=CVE-2017-13230
12 Feb 2018 — In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • http://www.securityfocus.com/bid/102976 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-13231
https://notcve.org/view.php?id=CVE-2017-13231
12 Feb 2018 — In libmediadrm, there is an out-of-bounds write due to improper input validation. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. • http://www.securityfocus.com/bid/102976 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2017-13232
https://notcve.org/view.php?id=CVE-2017-13232
12 Feb 2018 — In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not be NULL terminated. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • http://www.securityfocus.com/bid/102976 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-13235
https://notcve.org/view.php?id=CVE-2017-13235
12 Feb 2018 — A other vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68342866. Existe una vulnerabilidad en el media framework de Android (n/a). • https://source.android.com/security/bulletin/pixel/2018-02-01 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13239
https://notcve.org/view.php?id=CVE-2017-13239
12 Feb 2018 — A information disclosure vulnerability in the Android framework (ui framework). Product: Android. Versions: 8.0. ID: A-66244132. Existe una vulnerabilidad de revelación de información en el framework de Android (ui framework). • http://www.securityfocus.com/bid/103012 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •