Oliver Chang

**Name of the Vulnerable Software and Affected Versions** NVIDIA Windows GPU Display Driver (affected versions not specified) **Description** The issue is related to a vulnerability in the kernel mode layer handler for specific DxgDdiEscape IDs. A value passed from a user to the driver is used without validation as the index to an internal array, which can lead to denial of service or potential escalation of privileges. The affected IDs are 0x600000E, 0x600000F, and 0x6000010. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Windows GPU Display Driver versions prior to 342.00 for R340 and prior to 375.63 for R375 **Description** The issue concerns a vulnerability in the kernel mode layer handler for DxgDdiEscape ID 0x10000e9, where a value passed from a user to the driver is used without validation as the size input to `memcpy()`, causing a stack buffer overflow. This can lead to denial of service or potential escalation of privileges. **Recommendations** For NVIDIA Windows GPU Display Driver versions prior to 342.00 for R340, update to version 342.00 or later. For NVIDIA Windows GPU Display Driver versions prior to 375.63 for R375, update to version 375.63 or later.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Windows GPU Display Driver versions prior to 342.00 for R340 and prior to 375.63 for R375 **Description** The issue concerns a vulnerability in the kernel mode layer handler for DxgDdiEscape ID 0x7000014, where a value passed from a user to the driver is used without validation as the index to an internal array. This can lead to denial of service or potential escalation of privileges. **Recommendations** For NVIDIA Windows GPU Display Driver versions prior to 342.00 for R340, update to version 342.00 or later. For NVIDIA Windows GPU Display Driver versions prior to 375.63 for R375, update to version 375.63 or later.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Windows GPU Display Driver versions prior to 342.00 for R340 and prior to 375.63 for R375 **Description** The issue concerns a vulnerability in the kernel mode layer handler for DxgDdiEscape ID 0x5000027, where a pointer passed from a user to the driver is used without validation. This can lead to denial of service or potential escalation of privileges. **Recommendations** For NVIDIA Windows GPU Display Driver versions prior to 342.00 for R340, update to version 342.00 or later. For NVIDIA Windows GPU Display Driver versions prior to 375.63 for R375, update to version 375.63 or later.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Windows GPU Display Driver versions prior to 342.00 for R340 and prior to 375.63 for R375 **Description** The issue is related to a vulnerability in the kernel mode layer handler for DxgDdiEscape ID 0x70001b2, where the size of an input buffer is not validated. This can lead to denial of service or potential escalation of privileges. **Recommendations** For NVIDIA Windows GPU Display Driver versions prior to 342.00 for R340, update to version 342.00 or later. For NVIDIA Windows GPU Display Driver versions prior to 375.63 for R375, update to version 375.63 or later.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Windows GPU Display Driver versions prior to 342.00 for R340 and prior to 375.63 for R375 **Description** The issue concerns a vulnerability in the kernel mode layer handler for DxgDdiEscape ID 0x100009a, where a value passed from a user to the driver is used without validation as the index to an internal array. This can lead to denial of service or potential escalation of privileges. **Recommendations** For NVIDIA Windows GPU Display Driver versions prior to 342.00 for R340, update to version 342.00 or later. For NVIDIA Windows GPU Display Driver versions prior to 375.63 for R375, update to version 375.63 or later.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Windows GPU Display Driver versions prior to 342.00 for R340 and prior to 375.63 for R375 **Description** The issue is related to a vulnerability in the kernel mode layer handler for DxgDdiEscape ID 0x7000170, where the size of an input buffer is not validated. This can lead to denial of service or potential escalation of privileges. **Recommendations** For NVIDIA Windows GPU Display Driver versions prior to 342.00 for R340, update to version 342.00 or later. For NVIDIA Windows GPU Display Driver versions prior to 375.63 for R375, update to version 375.63 or later.

**Name of the Vulnerable Software and Affected Versions** NVIDIA GeForce Experience versions prior to 2.11.4.125 NVIDIA GeForce Experience versions prior to 3.1.0.52 **Description** The issue is related to a stack buffer overflow in the kernel mode layer, specifically in the nvstreamkms.sys module. This can be triggered by a user with specially crafted executable paths, potentially leading to a denial of service or escalation of privileges. **Recommendations** For versions prior to 2.11.4.125, update to version 2.11.4.125 or later. For versions prior to 3.1.0.52, update to version 3.1.0.52 or later.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-09-01 Android versions 7.0 before 2016-09-01 **Description** The issue allows remote attackers to cause a denial of service, potentially leading to a device hang or reboot, via a crafted media file. **Recommendations** For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-09-01, apply the September 2016 security patch or later. For Android versions 7.0 before 2016-09-01, apply the September 2016 security patch or later.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Windows GPU Display Driver versions prior to 342.00 for R340 and prior to 375.63 for R375 **Description** The issue concerns a vulnerability in the kernel mode layer handler for DxgDdiEscape ID 0x70000d5, where a value passed from a user to the driver is used without validation as the index to an internal array. This can lead to denial of service or potential escalation of privileges. **Recommendations** For NVIDIA Windows GPU Display Driver versions prior to 342.00 for R340, update to version 342.00 or later. For NVIDIA Windows GPU Display Driver versions prior to 375.63 for R375, update to version 375.63 or later.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-05-01 on Nexus 5 devices **Description** The issue is related to insufficient input validation in the Qualcomm hardware video codec. This can be exploited by a remote attacker to cause a denial of service, resulting in a device reboot, by using a specially crafted file. No information is provided about the estimated number of potentially affected devices or real-world incidents. **Recommendations** For Android versions prior to 2016-05-01 on Nexus 5 devices, update the operating system to a version released after 2016-05-01 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 48.0.2564.82 Opera (affected versions not specified) **Description** The issue is caused by multiple integer overflows in the `sycc422 to rgb` and `sycc444 to rgb` functions in PDFium, as used in Google Chrome and Opera. Exploitation of these overflows may allow a remote attacker to cause a denial of service (out-of-bounds read) or possibly have other unspecified impacts via a specially crafted PDF document. **Recommendations** For Google Chrome versions prior to 48.0.2564.82, update to version 48.0.2564.82 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 5.x through 5.1.1 LMY49F Android versions 6.0 through 2016-01-01 **Description** The issue is caused by a buffer overflow in the mediaserver component of the Android operating system. Exploitation of this issue may allow a remote attacker to execute arbitrary code or cause a denial of service (memory corruption) using a specially crafted media file. **Recommendations** For Android versions 5.x through 5.1.1 LMY49F, update to version 5.1.1 LMY49F or later. For Android versions 6.0 through 2016-01-01, apply the patch available after 2016-01-01. As a temporary workaround, consider restricting the use of mediaserver to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Android (affected versions not specified) **Description** The issue is caused by a buffer overflow in the mediaserver component of the Android operating system. Exploitation of this issue may allow a remote attacker to execute arbitrary code or cause a denial of service (memory corruption) by using a specially crafted media file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.