CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google : Security Vulnerabilities (Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-5051 190 Overflow 2017-04-24 2017-04-28
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
2 CVE-2017-5050 190 Overflow 2017-04-24 2017-04-28
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
3 CVE-2017-5049 190 Overflow 2017-04-24 2017-04-28
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
4 CVE-2017-5048 190 Overflow 2017-04-24 2017-04-28
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
5 CVE-2017-5047 190 Overflow 2017-04-24 2017-04-28
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
6 CVE-2017-5044 119 Overflow 2017-04-24 2017-04-28
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
7 CVE-2017-5037 190 Overflow 2017-04-24 2017-04-28
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
8 CVE-2017-5030 119 Exec Code Overflow 2017-04-24 2017-04-28
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.
9 CVE-2017-5029 787 Overflow 2017-04-24 2017-04-28
6.8
None Remote Medium Not required Partial Partial Partial
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
10 CVE-2017-5025 119 Overflow 2017-02-17 2017-02-17
4.3
None Remote Medium Not required None None Partial
FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
11 CVE-2017-5024 119 Overflow 2017-02-17 2017-02-23
4.3
None Remote Medium Not required None None Partial
FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
12 CVE-2017-5014 119 Overflow 2017-02-17 2017-02-17
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
13 CVE-2017-5012 119 Overflow 2017-02-17 2017-02-17
6.8
None Remote Medium Not required Partial Partial Partial
A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14 CVE-2017-5009 119 Overflow 2017-02-17 2017-02-17
6.8
None Remote Medium Not required Partial Partial Partial
WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
15 CVE-2017-0592 119 Exec Code Overflow Mem. Corr. 2017-05-12 2017-05-19
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34970788.
16 CVE-2017-0591 119 Exec Code Overflow Mem. Corr. 2017-05-12 2017-05-19
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34097672.
17 CVE-2017-0590 119 Exec Code Overflow Mem. Corr. 2017-05-12 2017-05-19
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35039946.
18 CVE-2017-0589 119 Exec Code Overflow Mem. Corr. 2017-05-12 2017-05-19
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34897036.
19 CVE-2017-0588 119 Exec Code Overflow Mem. Corr. 2017-05-12 2017-05-19
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34618607.
20 CVE-2017-0587 119 Exec Code Overflow Mem. Corr. 2017-05-12 2017-05-19
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35219737.
21 CVE-2017-0543 119 Exec Code Overflow Mem. Corr. 2017-04-07 2017-04-12
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097866.
22 CVE-2017-0542 119 Exec Code Overflow Mem. Corr. 2017-04-07 2017-04-12
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721.
23 CVE-2017-0541 119 Exec Code Overflow Mem. Corr. 2017-04-07 2017-04-17
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018.
24 CVE-2017-0540 119 Exec Code Overflow Mem. Corr. 2017-04-07 2017-04-12
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031.
25 CVE-2017-0539 119 Exec Code Overflow Mem. Corr. 2017-04-07 2017-04-12
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33864300.
26 CVE-2017-0538 119 Exec Code Overflow Mem. Corr. 2017-04-07 2017-04-12
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588.
27 CVE-2017-0476 119 Exec Code Overflow Mem. Corr. 2017-03-07 2017-05-10
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of an unprivileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33388925.
28 CVE-2017-0474 119 Exec Code Overflow Mem. Corr. 2017-03-07 2017-05-10
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32589224.
29 CVE-2017-0473 119 Exec Code Overflow Mem. Corr. 2017-03-07 2017-05-10
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33982658.
30 CVE-2017-0472 119 Exec Code Overflow Mem. Corr. 2017-03-07 2017-05-10
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33862021.
31 CVE-2017-0471 119 Exec Code Overflow Mem. Corr. 2017-03-07 2017-05-10
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33816782.
32 CVE-2017-0470 119 Exec Code Overflow Mem. Corr. 2017-03-07 2017-05-10
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818500.
33 CVE-2017-0469 119 Exec Code Overflow Mem. Corr. 2017-03-07 2017-05-10
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33450635.
34 CVE-2017-0468 119 Exec Code Overflow Mem. Corr. 2017-03-07 2017-05-10
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33351708.
35 CVE-2017-0467 119 Exec Code Overflow Mem. Corr. 2017-03-07 2017-05-10
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33250932.
36 CVE-2017-0466 119 Exec Code Overflow Mem. Corr. 2017-03-07 2017-05-10
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33139050.
37 CVE-2017-0407 119 Exec Code Overflow Mem. Corr. 2017-02-08 2017-02-10
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32873375.
38 CVE-2017-0406 119 Exec Code Overflow Mem. Corr. 2017-02-08 2017-02-10
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32915871.
39 CVE-2017-0405 119 Exec Code Overflow Mem. Corr. 2017-02-08 2017-02-10
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359.
40 CVE-2017-0381 119 Overflow 2017-01-12 2017-01-26
9.3
None Remote Medium Not required Complete Complete Complete
An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432.
41 CVE-2016-10239 190 Overflow Bypass 2017-05-16 2017-05-23
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a buffer overflow could potentially occur and a buffer over-read vulnerability could potentially occur.
42 CVE-2016-8411 119 Overflow 2017-01-27 2017-02-07
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmi_qos_srvc.c. Android ID: 31805216. References: QC CR#912775.
43 CVE-2016-7990 190 DoS Exec Code Overflow 2016-10-31 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542.
44 CVE-2016-6701 119 Exec Code Overflow Mem. Corr. 2016-11-25 2016-12-06
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of the gallery process. Android ID: A-30190637.
45 CVE-2016-6699 119 Exec Code Overflow Mem. Corr. 2016-12-13 2016-12-14
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Android ID: A-31373622.
46 CVE-2016-6695 119 DoS Overflow 2016-10-10 2016-12-06
7.5
None Remote Low Not required Partial Partial Partial
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted visualizer data length, aka Qualcomm internal bug CR 1033540.
47 CVE-2016-6676 119 DoS Overflow +Priv 2016-10-10 2016-12-06
9.3
None Remote Medium Not required Complete Complete Complete
Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application that makes a GET_CFG ioctl call, aka Android internal bug 30874066 and Qualcomm internal bug CR 1000853.
48 CVE-2016-6675 119 DoS Overflow +Priv 2016-10-10 2016-12-06
9.3
None Remote Medium Not required Complete Complete Complete
Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application that makes a linkspeed ioctl call, aka Android internal bug 30873776 and Qualcomm internal bug CR 1000861.
49 CVE-2016-5344 190 DoS Overflow 2016-08-30 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c.
50 CVE-2016-5342 119 DoS Overflow 2016-08-30 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact by writing to /dev/wcnss_wlan with an unexpected amount of data.
Total number of vulnerabilities : 527   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.