Vulnerability Description
Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (system crash) via a large number of commands in an ioctl call, related to (1) camera_v1/gemini/msm_gemini_sync.c, (2) camera_v2/gemini/msm_gemini_sync.c, (3) camera_v2/jpeg_10/msm_jpeg_sync.c, (4) gemini/msm_gemini_sync.c, (5) jpeg_10/msm_jpeg_sync.c, and (6) mercury/msm_mercury_sync.c.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codeaurora | Android-Msm | 3.2.54 |
Related Weaknesses (CWE)
References
- https://www.codeaurora.org/projects/security-advisories/integer-overflow-and-sigPatchVendor Advisory
- https://www.codeaurora.org/projects/security-advisories/integer-overflow-and-sigPatchVendor Advisory
FAQ
What is CVE-2013-4736?
CVE-2013-4736 is a vulnerability with a CVSS score of 7.8 (HIGH). Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices an...
How severe is CVE-2013-4736?
CVE-2013-4736 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4736?
Check the references section above for vendor advisories and patch information. Affected products include: Codeaurora Android-Msm.