CVE-2014-9777

Name of the Vulnerable Software and Affected Versions Android versions prior to 2016-07-05 on Nexus 5 and 7 (2013) devices

Description The issue is related to the vid dec set meta buffers function in the Qualcomm components, which does not validate the number of buffers. This allows attackers to gain privileges via a crafted application.

Recommendations For Android versions prior to 2016-07-05 on Nexus 5 and 7 (2013) devices, consider restricting access to the vid dec set meta buffers function in the vdec.c file until a patch is available. As a temporary workaround, avoid using the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.