Published: 08/07/2019 Updated: 15/07/2019

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 936

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130024844.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 7.1.1
google android 8.0
google android 8.1
google android 9.0
google android 7.0
google android 7.1.2

CVE-2019-2107 - looks scary Still remember Stagefright and PNG bugs vulns With CVE-2019-2107 the decoder/codec runs under mediacodec user and with properly "crafted" video (with tiles enabled - ps_pps->i1_tiles_enabled_flag) you can possibly do RCE The codec affected is HVEC (aka H265 and MPEG-H Part 2) #exploit #rce #android #stagefri ...

Full Disclosure mailing list archives   By Date By Thread </form>    CVE-2019-2107 aka "Hevcfright" Proof of Concept exploit (Denial of Service PoC)  <!--X-He ...

CVE-2019-2107

CVE-2019-2107 CVE-2019-2107 CVE-2019-2107 - looks scary Still remember Stagefright and PNG bugs vulns With CVE-2019-2107 the decoder/codec runs under mediacodec user and with properly "crafted" video (with tiles enabled - ps_pps->i1_tiles_enabled_flag) you can possibly do RCE The codec affected is HVEC (aka H265 and MPEG-H Part 2) #exploit #rce #and

Some GitHub scripts

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents TypeScript Java Scala JavaScript Makefile Perl [Jupyter Notebook](#jupyter notebook) Matlab Shell Assembly PLSQL Python HTML QML Others Ruby Logos C LLVM C++ Objective-C [Vim script](#vim script) CSS Swift OCaml C# ActionScript Go PHP TypeScript juice-shop - OWASP Juice Shop: Probably the most

July is here – and so are the latest Android security fixes. Plenty of critical updates for all

The Register • Shaun Nichols in San Francisco • 01 Jul 2019

Patch, punch, it's the first of the month It is with a heavy heart that we must report that your software has bugs and needs patching: Microsoft, Adobe, SAP, Intel emit security fixes

Google today posted a fresh round of Android security fixes. The July update addresses a total of 33 CVE-listed vulnerabilities, nine of them classified as critical risks. At the basic 2019-07-01 level, a dozen bugs are addressed. Five of those would allow for remote code execution if exploited; three (CVE-2019-2106, CVE-2019-2107, CVE-2019-2100) in the Android media framework, while another (CVE-2019-2105) is in Android Library and the fifth (CVE-2019-2105) is found in the System. All would be ...

CVE-2019-2107

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect