Brian Delwiche

**Name of the Vulnerable Software and Affected Versions** Android (affected versions not specified) **Description** In the `transcodeQ*ToFloat` function of `btif avrcp audio track.cc`, there is a possible out of bounds write due to a missing bounds check. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bluetooth (affected versions not specified) **Description** The issue is related to a possible privilege escalation due to a use after free in the `gatt process prep write rsp` function of `gatt cl.cc`. This could lead to remote code execution with no additional execution privileges needed. User interaction is not required for exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.