CVE-2013-4736

{"id": "CVE-2013-4736", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-02-10T18:15:10.543", "references": [{"url": "https://www.codeaurora.org/projects/security-advisories/integer-overflow-and-signedness-issue-camera-jpeg-engines-cve-2013-4736", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}]}], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (system crash) via a large number of commands in an ioctl call, related to (1) camera_v1/gemini/msm_gemini_sync.c, (2) camera_v2/gemini/msm_gemini_sync.c, (3) camera_v2/jpeg_10/msm_jpeg_sync.c, (4) gemini/msm_gemini_sync.c, (5) jpeg_10/msm_jpeg_sync.c, and (6) mercury/msm_mercury_sync.c."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de enteros en los controladores de motor JPEG en el controlador de c\u00e1mara MSM para el kernel de Linux versiones 2.6.x y 3.x, como es usado en las contribuciones de Android Qualcomm Innovation Center (QuIC) para dispositivos MSM y otros productos, permiten a los atacantes causar una denegaci\u00f3n de servicio (bloqueo del sistema) por medio de un gran n\u00famero de comandos en una llamada ioctl, relacionados con los archivos (1) camera_v1/gemini/msm_gemini_sync.c, (2) camera_v2/gemini/msm__gemini.c, (3) camera_v2/jpeg_10/msm_ jpeg_sync.c, (4) gemini/msm_gemini_sync.c, (5) jpeg_10/msm_jpeg_sync.c y (6) mercury/msm_mercury_sync.c."}], "lastModified": "2014-09-04T05:23:49.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:codeaurora:android-msm:3.2.54:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82BFCD06-425A-469F-BD52-56C78AB11D54"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.72:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2E29DBF-4869-41F8-85F6-091F1B34D8F8"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.73:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D3B42C6-F8F7-493C-81AD-A112A207FC58"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.74:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F7F6E06-C45C-47E5-B745-33B1A5083F43"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.75:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C8DB4C3-3A34-496E-9422-3D7E1425B7D8"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.76:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B167417-35A9-42BA-874E-0B32EE44AFE4"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.77:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F93FA4BD-DD95-4402-AC27-C1FB86469A52"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.78:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF6C0F8A-CD4A-4B7C-84D2-79150FBAAFF5"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.79:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E392CFA9-C390-4F31-A826-5D2BE237FFD8"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD74D1CD-DBA8-487D-AE08-F3565B12B5D3"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A00D89D-63B9-425D-AF50-B274491FA470"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F18C21F4-F5AB-49D0-8B77-6768337B391A"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16CCD06D-0248-4802-8FAB-A8411F102078"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08315601-ECBF-489B-8482-4D075ABB8B94"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93FEF076-6924-4671-A7B4-619582B1F491"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E89A6BA-599E-4C5F-B60F-FF8175A1EE57"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D0D9E5A-3D4D-41F3-85DE-AA029C0ED86F"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC580424-3A41-4110-9CDD-C72B52FD360A"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A88D6F21-5D58-4BF2-A3DD-6E1C21A464E8"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D16E881-C08D-4C23-BA7F-C2811EA65E6D"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "677023A0-0628-41D0-99B7-CEF547DA7249"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD77E075-1B20-4EE2-A14F-49772963E589"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E85620CE-8085-4FE9-B8FE-11585FB2C4AF"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24FC9829-EF73-4FF6-B752-8EFB4223703A"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F416D6E-9CF0-47E3-BEF9-97571888FB47"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5B7FC7D-3287-4B15-879E-321F663EB508"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1A9A837-2771-4443-A18A-1CE2386FBBF6"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6016DD8-1AB1-43F9-9652-A47FD48861E0"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23289CA4-3FE3-43E7-9793-3120928DD43D"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "631355B2-8B51-4F16-8733-9C54539E77C8"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BCE7F05-607F-48E2-B371-FBDCA585561A"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "177D555B-CD3B-4E3E-97BD-103AB2A6051A"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45A19E0E-D07B-43E6-B334-A7A3FE4367C5"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8C0E4F9-F1B8-459B-9A4F-42164EBCFD61"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D220E16-C172-4A6A-971B-6B1B6CA6AA8F"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D45AF000-98BE-4C23-8E40-A8E202800DC7"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.14:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E922227-ADB4-41CC-AC2E-10D0F9FD165E"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.14:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0BED70D-0E2E-433A-A8B1-3418793969CD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}