Pazhanivelmani

6 exploits Active since Oct 2018
CVE-2020-0162 NOMISEC MEDIUM WRITEUP
Android - DoS
In parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124526959
CVSS 6.5
CVE-2025-26443 NOMISEC HIGH WORKING POC
Android - Privilege Escalation
In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVSS 7.3
CVE-2023-2603 NOMISEC HIGH WORKING POC
Libcap - Memory Corruption
A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.
CVSS 7.8
CVE-2023-1999 NOMISEC MEDIUM WORKING POC
libwebp - Use After Free
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
CVSS 5.3
CVE-2018-9338 NOMISEC HIGH WORKING POC
Google Android - Out-of-Bounds Write
In ResStringPool::setTo of ResourceTypes.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 7.8
CVE-2016-6328 NOMISEC HIGH WORKING POC
libexif - DoS/Info Disclosure
A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).
CVSS 8.1