CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13299
https://notcve.org/view.php?id=CVE-2017-13299
A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897394. Vulnerabilidad no especificada en el media framework de Android (libhavc). • https://source.android.com/security/bulletin/pixel/2018-04-01 •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13298
https://notcve.org/view.php?id=CVE-2017-13298
A information disclosure vulnerability in the Android media framework (libhavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72117051. Existe una vulnerabilidad de revelación de información en el media framework de Android (libhavc). • https://source.android.com/security/bulletin/pixel/2018-04-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13296
https://notcve.org/view.php?id=CVE-2017-13296
A information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897454. Vulnerabilidad de divulgación de información en el media framework de Android (libavc). • https://source.android.com/security/bulletin/pixel/2018-04-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13289
https://notcve.org/view.php?id=CVE-2017-13289
In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • https://source.android.com/security/bulletin/2018-04-01 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13278
https://notcve.org/view.php?id=CVE-2017-13278
In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • https://source.android.com/security/bulletin/2018-04-01 • CWE-416: Use After Free •