# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
24401 |
CVE-2017-13206 |
200 |
|
+Info |
2018-01-12 |
2018-02-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65025048. |
24402 |
CVE-2017-13205 |
200 |
|
+Info |
2018-01-12 |
2018-01-26 |
8.5 |
None |
Remote |
Low |
Not required |
Partial |
None |
Complete |
An information disclosure vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64550583. |
24403 |
CVE-2017-13204 |
200 |
|
+Info |
2018-01-12 |
2018-01-25 |
8.5 |
None |
Remote |
Low |
Not required |
Partial |
None |
Complete |
An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380237. |
24404 |
CVE-2017-13203 |
200 |
|
+Info |
2018-01-12 |
2018-01-25 |
8.5 |
None |
Remote |
Low |
Not required |
Partial |
None |
Complete |
An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63122634. |
24405 |
CVE-2017-13202 |
200 |
|
+Info |
2018-01-12 |
2018-01-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67647856. |
24406 |
CVE-2017-13201 |
200 |
|
+Info |
2018-01-12 |
2018-01-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768. |
24407 |
CVE-2017-13200 |
200 |
|
+Info |
2018-01-12 |
2018-01-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526. |
24408 |
CVE-2017-13199 |
755 |
|
DoS |
2018-01-12 |
2019-10-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a java.io.IOException later on. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-33846679. |
24409 |
CVE-2017-13198 |
20 |
|
|
2018-01-12 |
2018-02-01 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
A vulnerability in the Android media framework (ex) related to composition of frames lacking a color map. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399117. |
24410 |
CVE-2017-13197 |
119 |
|
DoS Overflow |
2018-01-12 |
2018-02-01 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64784973. |
24411 |
CVE-2017-13196 |
772 |
|
DoS Exec Code |
2018-01-12 |
2019-10-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63522067. |
24412 |
CVE-2017-13195 |
835 |
|
DoS |
2018-01-12 |
2019-10-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65398821. |
24413 |
CVE-2017-13194 |
20 |
|
|
2018-01-12 |
2019-05-06 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201. |
24414 |
CVE-2017-13193 |
835 |
|
DoS Exec Code |
2018-01-12 |
2019-10-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65718319. |
24415 |
CVE-2017-13192 |
835 |
|
DoS |
2018-01-12 |
2019-10-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380202. |
24416 |
CVE-2017-13191 |
835 |
|
DoS Exec Code |
2018-01-12 |
2019-10-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete frame error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380403. |
24417 |
CVE-2017-13190 |
770 |
|
|
2018-01-12 |
2019-10-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
A vulnerability in the Android media framework (libhevc) related to handling ps_codec_obj memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68299873. |
24418 |
CVE-2017-13189 |
770 |
|
|
2018-01-12 |
2019-10-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
A vulnerability in the Android media framework (libavc) related to handling dec_hdl memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68300072. |
24419 |
CVE-2017-13188 |
200 |
|
+Info |
2018-01-12 |
2018-01-25 |
8.5 |
None |
Remote |
Low |
Not required |
Partial |
None |
Complete |
An information disclosure vulnerability in the Android media framework (aac). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65280786. |
24420 |
CVE-2017-13187 |
200 |
|
+Info |
2018-01-12 |
2018-01-26 |
8.5 |
None |
Remote |
Low |
Not required |
Partial |
None |
Complete |
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65034175. |
24421 |
CVE-2017-13186 |
20 |
|
|
2018-01-12 |
2018-01-25 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
A vulnerability in the Android media framework (libavc) related to incorrect use of mmco parameters. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65735716. |
24422 |
CVE-2017-13185 |
200 |
|
+Info |
2018-01-12 |
2018-01-25 |
8.5 |
None |
Remote |
Low |
Not required |
Partial |
None |
Complete |
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65123471. |
24423 |
CVE-2017-13184 |
416 |
|
Exec Code |
2018-01-12 |
2018-02-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-65483324. |
24424 |
CVE-2017-13183 |
362 |
|
Exec Code |
2018-01-12 |
2018-02-02 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it's being used in another thread. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.1. Android ID: A-38118127. |
24425 |
CVE-2017-13182 |
190 |
|
Exec Code Overflow |
2018-01-12 |
2018-02-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67737022. |
24426 |
CVE-2017-13181 |
415 |
|
Exec Code |
2018-01-12 |
2018-02-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to not NULLing out a freed pointer. This could lead to an local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67864232. |
24427 |
CVE-2017-13180 |
787 |
|
Exec Code |
2018-01-12 |
2018-02-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the memory it's accessing. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969349. |
24428 |
CVE-2017-13179 |
787 |
|
Exec Code |
2018-01-12 |
2018-02-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC, there is a possible out-of-bounds write due to a use after free. Both ps_codec_obj and ps_create_op->s_ivd_create_op_t.pv_handle point to the same memory and ps_codec_obj could be freed without clearing ps_create_op->s_ivd_create_op_t.pv_handle. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969193. |
24429 |
CVE-2017-13178 |
787 |
|
Exec Code |
2018-01-12 |
2018-02-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx due to a use after free when buffer allocation fails. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969281. |
24430 |
CVE-2017-13177 |
119 |
|
Exec Code Overflow |
2018-01-12 |
2018-02-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In several functions of libhevc, NEON registers are not preserved. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68320413. |
24431 |
CVE-2017-13176 |
20 |
|
Bypass |
2018-01-12 |
2018-01-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68341964. |
24432 |
CVE-2017-13175 |
200 |
|
+Info |
2017-12-06 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An information disclosure vulnerability in the NVIDIA libwilhelm. Product: Android. Versions: Android kernel. Android ID A-64339309. References: N-CVE-2017-13175. |
24433 |
CVE-2017-13174 |
|
|
|
2017-12-06 |
2019-10-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
An elevation of privilege vulnerability in the kernel edl. Product: Android. Versions: Android kernel. Android ID A-63100473. |
24434 |
CVE-2017-13173 |
|
|
|
2017-12-06 |
2019-10-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
An elevation of privilege vulnerability in the MediaTek system server. Product: Android. Versions: Android kernel. Android ID A-28067350. References: M-ALPS02672361. |
24435 |
CVE-2017-13172 |
|
|
|
2017-12-06 |
2019-10-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
An elevation of privilege vulnerability in the MediaTek bluetooth driver. Product: Android. Versions: Android kernel. Android ID A-36493287. References: M-ALPS03495791. |
24436 |
CVE-2017-13171 |
|
|
|
2017-12-06 |
2019-10-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
An elevation of privilege vulnerability in the MediaTek performance service. Product: Android. Versions: Android kernel. Android ID A-64316572. References: M-ALPS03479086. |
24437 |
CVE-2017-13170 |
|
|
|
2017-12-06 |
2019-10-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
An elevation of privilege vulnerability in the MediaTek display driver. Product: Android. Versions: Android kernel. Android ID A-36102397. References: M-ALPS03359280. |
24438 |
CVE-2017-13169 |
200 |
|
+Info |
2017-12-06 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An information disclosure vulnerability in the kernel camera server. Product: Android. Versions: Android kernel. Android ID A-37512375. |
24439 |
CVE-2017-13168 |
732 |
|
|
2017-12-06 |
2019-10-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233. |
24440 |
CVE-2017-13167 |
|
|
|
2017-12-06 |
2019-10-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993. |
24441 |
CVE-2017-13166 |
787 |
|
|
2017-12-06 |
2019-10-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167. |
24442 |
CVE-2017-13165 |
|
|
|
2017-12-06 |
2019-10-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937. |
24443 |
CVE-2017-13164 |
200 |
|
+Info |
2017-12-06 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An information disclosure vulnerability in the kernel binder driver. Product: Android. Versions: Android kernel. Android ID A-36007193. |
24444 |
CVE-2017-13163 |
|
|
|
2017-12-06 |
2019-10-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
An elevation of privilege vulnerability in the kernel mtp usb driver. Product: Android. Versions: Android kernel. Android ID A-37429972. |
24445 |
CVE-2017-13162 |
|
|
|
2017-12-06 |
2019-10-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
An elevation of privilege vulnerability in the kernel binder. Product: Android. Versions: Android kernel. Android ID A-64216036. |
24446 |
CVE-2017-13161 |
|
|
|
2017-12-06 |
2019-10-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
An elevation of privilege vulnerability in the Broadcom wireless driver. Product: Android. Versions: Android kernel. Android ID A-63930471. References: BC-V2017092501. |
24447 |
CVE-2017-13160 |
125 |
|
Exec Code |
2017-12-06 |
2019-10-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362. |
24448 |
CVE-2017-13159 |
200 |
|
+Info |
2017-12-06 |
2017-12-18 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879772. |
24449 |
CVE-2017-13158 |
200 |
|
+Info |
2017-12-06 |
2017-12-18 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879915. |
24450 |
CVE-2017-13157 |
200 |
|
+Info |
2017-12-06 |
2017-12-18 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32990341. |