Vulnerabilities > Google > Android > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-12 CVE-2017-13210 Out-of-bounds Write vulnerability in Google Android
In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write if metadataSize is too small.
local
low complexity
google CWE-787
7.2
2018-01-12 CVE-2017-13209 Missing Authorization vulnerability in Google Android 8.0/8.1
In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service.
local
low complexity
google CWE-862
7.2
2018-01-12 CVE-2017-13205 Information Exposure vulnerability in Google Android
An information disclosure vulnerability in the Android media framework (libmpeg2).
network
low complexity
google CWE-200
8.5
2018-01-12 CVE-2017-13204 Information Exposure vulnerability in Google Android
An information disclosure vulnerability in the Android media framework (libavc).
network
low complexity
google CWE-200
8.5
2018-01-12 CVE-2017-13203 Information Exposure vulnerability in Google Android
An information disclosure vulnerability in the Android media framework (libavc).
network
low complexity
google CWE-200
8.5
2018-01-12 CVE-2017-13199 Improper Handling of Exceptional Conditions vulnerability in Google Android 8.0/8.1
In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a java.io.IOException later on.
network
low complexity
google CWE-755
7.8
2018-01-12 CVE-2017-13198 Improper Input Validation vulnerability in Google Android
A vulnerability in the Android media framework (ex) related to composition of frames lacking a color map.
network
low complexity
google CWE-20
7.8
2018-01-12 CVE-2017-13197 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error.
network
low complexity
google CWE-119
7.8
2018-01-12 CVE-2017-13196 Missing Release of Resource after Effective Lifetime vulnerability in Google Android
In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks.
network
low complexity
google CWE-772
7.8
2018-01-12 CVE-2017-13195 Infinite Loop vulnerability in Google Android
In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop.
network
low complexity
google CWE-835
7.8