PT-2016-3519 · Google · Nexus 7+2
Published
2016-07-11
·
Updated
2016-11-28
·
CVE-2014-9777
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Android versions prior to 2016-07-05 on Nexus 5 and 7 (2013) devices
Description
The issue is related to the
vid dec set meta buffers function in the Qualcomm components, which does not validate the number of buffers. This allows attackers to gain privileges via a crafted application.Recommendations
For Android versions prior to 2016-07-05 on Nexus 5 and 7 (2013) devices, consider restricting access to the
vid dec set meta buffers function in the vdec.c file until a patch is available. As a temporary workaround, avoid using the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android
Nexus 5
Nexus 7