CVE-2014-10039

Name of the Vulnerable Software and Affected Versions Android versions prior to 2018-04-05 security patch level

Description The issue occurs when qsee app entry return() is called without first calling qsee app entry(), causing the stack to be restored to an older state and resulting in a return to an unexpected location. This affects devices with Qualcomm Snapdragon Mobile MDM9625, SD 400, and SD 800.

Recommendations For Android versions prior to 2018-04-05 security patch level, ensure that qsee app entry() is called before qsee app entry return() to prevent the stack from being restored to an older state. As a temporary workaround, consider restricting the use of qsee app entry return() until a patch is available.