PT-2014-2860 · Linux · Linux Kernel

Published 2014-02-10 · Updated 2014-09-04 · CVE-2013-4736

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 2.6.x through 3.x

Description

The issue is related to multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel. This can be exploited by attackers to cause a denial of service, resulting in a system crash. The exploitation is possible via a large number of commands in an ioctl call. The affected files include camera_v1/gemini/msm_gemini_sync.c, camera_v2/gemini/msm_gemini_sync.c, camera_v2/jpeg_10/msm_jpeg_sync.c, gemini/msm_gemini_sync.c, jpeg_10/msm_jpeg_sync.c, and mercury/msm_mercury_sync.c.

Recommendations

For Linux kernel versions 2.6.x through 3.x, consider applying configuration changes to restrict the number of commands in an ioctl call to prevent the denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
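
The description and recommendation above both turn on a caller-supplied command count being used to size a buffer. The following C program is an added example, not code from the MSM driver: the structure layout, `MAX_HW_CMDS` and the function names are hypothetical. It shows the length computation wrapping in 32-bit arithmetic and the same computation with the count bounded first.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout for illustration; not the MSM driver's real structures. */
struct hw_cmd  { uint32_t type, offset, value, mask; };  /* 16 bytes */
struct hw_cmds { uint32_t m; struct hw_cmd cmd[1]; };    /* m = caller-supplied count */

/* Assumed policy cap. Any cap at or below
 * (UINT32_MAX - sizeof(struct hw_cmds)) / sizeof(struct hw_cmd) rules out wrap-around. */
#define MAX_HW_CMDS 256u

/* Unchecked: 32-bit arithmetic wraps for large m, so the computed
 * length can be far smaller than the m commands it is meant to hold. */
uint32_t cmds_len_unchecked(uint32_t m)
{
    return (uint32_t)sizeof(struct hw_cmds) + (uint32_t)sizeof(struct hw_cmd) * (m - 1);
}

/* Checked: reject zero and oversized counts before doing any arithmetic.
 * Returns 0 and stores the length in *len, or -EINVAL. */
int cmds_len_checked(uint32_t m, uint32_t *len)
{
    if (m == 0 || m > MAX_HW_CMDS)
        return -EINVAL;
    *len = (uint32_t)sizeof(struct hw_cmds) + (uint32_t)sizeof(struct hw_cmd) * (m - 1);
    return 0;
}

int main(void)
{
    /* Constructed sample counts: one normal, two that wrap the 32-bit length. */
    const uint32_t counts[] = { 2u, 0u, 0x10000001u };
    for (size_t i = 0; i < sizeof(counts) / sizeof(counts[0]); i++) {
        uint32_t len = 0;
        int rc = cmds_len_checked(counts[i], &len);
        printf("m=%u unchecked_len=%u checked_rc=%d checked_len=%u\n",
               (unsigned)counts[i], (unsigned)cmds_len_unchecked(counts[i]),
               rc, (unsigned)len);
    }
    return 0;
}
```
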
Weakness Enumeration

Related Identifiers

CVE-2013-4736

Affected Products

Linux Kernel