PT-2018-4134 · Google · Android

Published

2018-04-18

Updated

2018-05-09

CVE-2014-10039

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Android versions prior to 2018-04-05 security patch level

Description The issue occurs when qsee app entry return() is called without first calling qsee app entry(), causing the stack to be restored to an older state and resulting in a return to an unexpected location. This affects devices with Qualcomm Snapdragon Mobile MDM9625, SD 400, and SD 800.

Recommendations For Android versions prior to 2018-04-05 security patch level, ensure that qsee app entry() is called before qsee app entry return() to prevent the stack from being restored to an older state. As a temporary workaround, consider restricting the use of qsee app entry return() until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-19

Related Identifiers

CVE-2014-10039

Affected Products

Android

PT-2018-4134 · Google · Android

CVE-2014-10039

Weakness Enumeration

Related Identifiers

Affected Products

References · 3