All posts by 007admin

ming-0.4.8-1.fc26

Release 0.4.8 (no ABI or API changes)

* Add PHP7 compatibility
* Fix C++ output of disassembler
* Fix heap overflows in parser.c (CVE-2017-7578)
* Avoid division by zero in listmp3 when no valid frame was found (CVE-2016-9265)
* Don’t try printing unknown block (CVE-2016-9828)
* Parse Protect tag’s Password as string (CVE-2016-9827)
* Check values before deriving malloc parameters from them in parser.c (CVE-2016-9829)
* Make readString() stop reading string past buffer’s end
* Return EOF when reading unsigned values hits end of memory-backed buffer
* Exit immediately when unexpected EOF is returned by fgetc() in utility programs (CVE-2016-9831)
* Fix using EOF marker -1 value as a valid flag byte (CVE-2016-9266)
* Fix division by zero sample rate due to global buffer overflow (CVE-2016-9264, CVE-2016-9265)

ming-0.4.8-1.fc24

Release 0.4.8 (no ABI or API changes)

* Add PHP7 compatibility
* Fix C++ output of disassembler
* Fix heap overflows in parser.c (CVE-2017-7578)
* Avoid division by zero in listmp3 when no valid frame was found (CVE-2016-9265)
* Don’t try printing unknown block (CVE-2016-9828)
* Parse Protect tag’s Password as string (CVE-2016-9827)
* Check values before deriving malloc parameters from them in parser.c (CVE-2016-9829)
* Make readString() stop reading string past buffer’s end
* Return EOF when reading unsigned values hits end of memory-backed buffer
* Exit immediately when unexpected EOF is returned by fgetc() in utility programs (CVE-2016-9831)
* Fix using EOF marker -1 value as a valid flag byte (CVE-2016-9266)
* Fix division by zero sample rate due to global buffer overflow (CVE-2016-9264, CVE-2016-9265)

CVE-2017-0462

An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288.

CVE-2017-0538

A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588.

CVE-2017-0539

A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33864300.