CVE-2014-9795

HIGH Year: 2014
CVSS v3 Score
7.8
High
CVSS v2 Score
10.0
Critical
Weakness Type
CWE-189
View all →

Vulnerability Description

app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size values, aka Android internal bug 28820720 and Qualcomm internal bug CR681957, a related issue to CVE-2014-4325.

Related Vulnerabilities

CVE-2010-1883

HIGH
CVSS:7.8(High)

Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows ...

CWE-1892010

CVE-2014-9787

HIGH
CVSS:7.8(High)

Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android ...

CWE-1892014

CVE-2014-9792

HIGH
CVSS:7.8(High)

arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted a...

CWE-1892014

CVE-2014-9800

HIGH
CVSS:7.8(High)

Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android i...

CWE-1892014

CVE-2014-9801

HIGH
CVSS:7.8(High)

Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android i...

CWE-1892014

CVE-2014-9876

HIGH
CVSS:7.8(High)

drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privil...

CWE-1892014