Vulnerabilities > Google > Android > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-07-11 | CVE-2016-3741 | Improper Input Validation vulnerability in Google Android 6.0/6.0.1 The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661. | 9.8 |
2016-07-11 | CVE-2016-3742 | Improper Input Validation vulnerability in Google Android 6.0/6.0.1 decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165659. | 9.8 |
2016-07-11 | CVE-2016-3743 | Improper Input Validation vulnerability in Google Android 6.0/6.0.1 decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 27907656. | 9.8 |
2016-07-11 | CVE-2016-3745 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides an AudioEffect reply, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28173666. | 9.8 |
2016-06-13 | CVE-2016-2473 | Unspecified vulnerability in Google Android The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27777501. | 9.8 |
2016-06-13 | CVE-2016-2496 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 6.0/6.0.1 The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially overlapping window, aka internal bug 26677796. | 9.8 |
2016-05-09 | CVE-2016-2428 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted media file, aka internal bug 26751339. | 9.8 |
2016-05-09 | CVE-2016-2429 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android libFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted media file, aka internal bug 27211885. | 9.8 |
2016-05-05 | CVE-2016-2108 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue. | 9.8 |
2016-04-18 | CVE-2016-0835 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 6.0/6.0.1 decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a certain negative value, aka internal bug 26070014. | 9.8 |