CVE-2013-4736

Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (system crash) via a large number of commands in an ioctl call, related to (1) camera_v1/gemini/msm_gemini_sync.c, (2) camera_v2/gemini/msm_gemini_sync.c, (3) camera_v2/jpeg_10/msm_jpeg_sync.c, (4) gemini/msm_gemini_sync.c, (5) jpeg_10/msm_jpeg_sync.c, and (6) mercury/msm_mercury_sync.c.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://www.codeaurora.org/projects/security-advisories/integer-overflow-and-signedness-issue-camera-jpeg-engines-cve-2013-4736	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:codeaurora:android-msm:3.12.9:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.29:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.77:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.13:rc8::::::
	cpe:2.3:o:codeaurora:android-msm:3.12.7:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.26:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.24:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.74:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.14:rc2::::::
	cpe:2.3:o:codeaurora:android-msm:3.10.28:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.79:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.13.1:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.12.3:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.12.6:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.13:rc2::::::
	cpe:2.3:o:codeaurora:android-msm:3.12.10:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.13:rc3::::::
	cpe:2.3:o:codeaurora:android-msm:3.13:rc5::::::
	cpe:2.3:o:codeaurora:android-msm:3.10.25:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.13:rc4::::::
	cpe:2.3:o:codeaurora:android-msm:3.12.8:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.78:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.23:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.76:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.27:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.2.54:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.13.2:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.73:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.12.4:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.13:rc7::::::
	cpe:2.3:o:codeaurora:android-msm:3.13:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.13:rc6::::::
	cpe:2.3:o:codeaurora:android-msm:3.14:rc1::::::
	cpe:2.3:o:codeaurora:android-msm:3.10.22:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.72:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.12.5:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.13:rc1::::::
	cpe:2.3:o:codeaurora:android-msm:3.4.75:::::::*

Information

Published : 2014-02-10 10:15

Updated : 2014-09-03 22:23

NVD link : CVE-2013-4736

Mitre link : CVE-2013-4736

JSON object : View

CWE

CWE-189

Numeric Errors

Products Affected

codeaurora

android-msm

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.codeaurora.org/projects/security-advisories/integer-overflow-and-signedness-issue-camera-jpeg-engines-cve-2013-4736", "name": "https://www.codeaurora.org/projects/security-advisories/integer-overflow-and-signedness-issue-camera-jpeg-engines-cve-2013-4736", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (system crash) via a large number of commands in an ioctl call, related to (1) camera_v1/gemini/msm_gemini_sync.c, (2) camera_v2/gemini/msm_gemini_sync.c, (3) camera_v2/jpeg_10/msm_jpeg_sync.c, (4) gemini/msm_gemini_sync.c, (5) jpeg_10/msm_jpeg_sync.c, and (6) mercury/msm_mercury_sync.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-189"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-4736", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-02-10T18:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.77:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.74:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.14:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.79:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.78:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.76:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.2.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.73:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.14:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.72:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.75:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-09-04T05:23Z"}

7.8 /10