{"vulnerability": "CVE-2019-2107", "sightings": [{"uuid": "0ad2b06a-c09c-4b83-a589-18fe94dbedc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-2107", "type": "published-proof-of-concept", "source": "Telegram/BsV_H7h8p9-7V6Mwt9uJvV9bAKqf3fpQZfpguequJEcUQXA", "content": "", "creation_timestamp": "2019-11-03T21:22:28.000000Z"}, {"uuid": "8747aac1-1938-4a7b-8e0d-5d0719ae36b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-2107", "type": "published-proof-of-concept", "source": "https://t.me/antichat/5983", "content": "https://github.com/marcinguy/CVE-2019-2107", "creation_timestamp": "2019-07-24T15:29:55.000000Z"}, {"uuid": "457f54be-35f0-4d87-a008-22d65647fbee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-2107", "type": "published-proof-of-concept", "source": "https://t.me/MajorHacker/151", "content": "Looks like someone successfully created PoC for Android CVE-2019-2107 RCE\n\nPoC: You can own the mobile by viewing a video with payload. Should works on Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.\nhttps://github.com/marcinguy/CVE-2019-2107", "creation_timestamp": "2019-07-24T12:01:40.000000Z"}, {"uuid": "f131d6d4-426a-4fff-9558-f301abc4ec64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-2107", "type": "published-proof-of-concept", "source": "https://t.me/antichat/5899", "content": "https://github.com/marcinguy/CVE-2019-2107/\nCVE-2019-2107 : a.k.a \"Hevcfright\" Proof of Concept exploit (Denial of Service PoC)", "creation_timestamp": "2019-07-17T09:44:45.000000Z"}, {"uuid": "c1c3e3d4-5007-4f2b-82b0-a7bdc0b6ced9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-2107", "type": "exploited", "source": "Telegram/YsDfw_TMa7h4O8OusQuQ6zbnETpzJoX2kGPJKG7oVZIAvw", "content": "", "creation_timestamp": "2019-07-26T18:49:56.000000Z"}, {"uuid": "308e7194-b28d-4146-a142-a05309e4f53f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-2107", "type": "seen", "source": "https://t.me/Termuxx/7245", "content": "#\u062a\u062d\u0630\u064a\u0631\u0627\u062a_\u0623\u0645\u0646\u064a\u0629 \u26a0\ufe0f | \u0627\u0643\u062a\u0634\u0641 \u0628\u0627\u062d\u062b\u064a\u0646 \u0623\u0645\u0646\u064a\u064a\u0646 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u062a\u0624\u062b\u0631 \u0639\u0644\u0649 \u0623\u0643\u062b\u0631 \u0645\u0646 \u0645\u0644\u064a\u0627\u0631 \u0647\u0627\u062a\u0641 \u0623\u0646\u062f\u0631\u0648\u064a\u062f \u0648\u0627\u0644\u062a\u064a \u062a\u0639\u0645\u0644 \u0628\u0627\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0646\u062f\u0631\u0648\u064a\u062f 7.0 \u0648\u062d\u062a\u064a 9.0 \u062d\u064a\u062b \u064a\u0633\u062a\u0637\u064a\u0639 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0645\u0643\u062a\u0634\u0641\u0629 \u0639\u0646 \u0637\u0631\u064a\u0642 \u062a\u0636\u0645\u064a\u0646 \u0623\u0643\u0648\u0627\u062f \u062f\u0627\u062e\u0644 \u0645\u0642\u0637\u0639 \u0641\u064a\u062f\u064a\u0648 \u0648\u0639\u0646\u062f \u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0641\u064a\u062f\u064a\u0648 \u064a\u0642\u0648\u0645 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0628\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0648\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0627\u0644\u062a\u062d\u0643\u0645 \u0627\u0644\u0643\u0627\u0645\u0644 \u0628\u0627\u0644\u062c\u0647\u0627\u0632 \u0648\u0627\u0644\u062c\u062f\u064a\u0631 \u0628\u0627\u0644\u0630\u0643\u0631 \u0627\u0646 \u0634\u0631\u0643\u0629 \u062c\u0648\u062c\u0644 \u0627\u0635\u062f\u0631\u062a \u0628\u0627\u062a\u0634 \u0644\u0627\u063a\u0644\u0627\u0642 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0634\u0647\u0631 \u0627\u0644\u062d\u0627\u0644\u064a \u0648\u0644\u0643\u0646 \u0645\u0627\u0632\u0627\u0644\u062a \u0627\u0644\u0643\u062b\u064a\u0631 \u0645\u0646 \u0627\u0644\u0647\u0648\u0627\u062a\u0641 \u0644\u0645 \u062a\u0633\u062a\u0644\u0645 \u0627\u0644\u0628\u0627\u062a\u0634 \u0627\u0644\u0623\u0645\u0646\u064a \u0644\u063a\u0644\u0642 \u0627\u0644\u062b\u063a\u0631\u0629\n\n\u26a0\ufe0f \u0646\u062d\u0630\u0631 \u0645\u0646 \u062a\u0634\u063a\u064a\u0644 \u0645\u0642\u0627\u0637\u0639 \u0627\u0644\u0641\u064a\u062f\u064a\u0648 \u0639\u0628\u0631 \u0647\u0648\u0627\u062a\u0641 \u0627\u0646\u062f\u0631\u0648\u064a\u062f \u062d\u062a\u064a \u0627\u0633\u062a\u0644\u0627\u0645 \u0627\u0644\u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0623\u0645\u0646\u064a \u0644\u0644\u062b\u063a\u0631\u0629 ( CVE-2019-2107)", "creation_timestamp": "2019-07-26T18:49:56.000000Z"}, {"uuid": "49450a3d-634e-4229-9a9e-b4085d1af204", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-2107", "type": "seen", "source": "https://t.me/TBH811/492", "content": "#\u062a\u062d\u0630\u064a\u0631\u0627\u062a_\u0623\u0645\u0646\u064a\u0629 \u26a0\ufe0f | \u0627\u0643\u062a\u0634\u0641 \u0628\u0627\u062d\u062b\u064a\u0646 \u0623\u0645\u0646\u064a\u064a\u0646 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u062a\u0624\u062b\u0631 \u0639\u0644\u0649 \u0623\u0643\u062b\u0631 \u0645\u0646 \u0645\u0644\u064a\u0627\u0631 \u0647\u0627\u062a\u0641 \u0623\u0646\u062f\u0631\u0648\u064a\u062f \u0648\u0627\u0644\u062a\u064a \u062a\u0639\u0645\u0644 \u0628\u0627\u0635\u062f\u0627\u0631\u0627\u062a \u0627\u0646\u062f\u0631\u0648\u064a\u062f 7.0 \u0648\u062d\u062a\u064a 9.0 \u062d\u064a\u062b \u064a\u0633\u062a\u0637\u064a\u0639 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0645\u0643\u062a\u0634\u0641\u0629 \u0639\u0646 \u0637\u0631\u064a\u0642 \u062a\u0636\u0645\u064a\u0646 \u0623\u0643\u0648\u0627\u062f \u062f\u0627\u062e\u0644 \u0645\u0642\u0637\u0639 \u0641\u064a\u062f\u064a\u0648 \u0648\u0639\u0646\u062f \u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0641\u064a\u062f\u064a\u0648 \u064a\u0642\u0648\u0645 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0628\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0648\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0627\u0644\u062a\u062d\u0643\u0645 \u0627\u0644\u0643\u0627\u0645\u0644 \u0628\u0627\u0644\u062c\u0647\u0627\u0632 \u0648\u0627\u0644\u062c\u062f\u064a\u0631 \u0628\u0627\u0644\u0630\u0643\u0631 \u0627\u0646 \u0634\u0631\u0643\u0629 \u062c\u0648\u062c\u0644 \u0627\u0635\u062f\u0631\u062a \u0628\u0627\u062a\u0634 \u0644\u0627\u063a\u0644\u0627\u0642 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0634\u0647\u0631 \u0627\u0644\u062d\u0627\u0644\u064a \u0648\u0644\u0643\u0646 \u0645\u0627\u0632\u0627\u0644\u062a \u0627\u0644\u0643\u062b\u064a\u0631 \u0645\u0646 \u0627\u0644\u0647\u0648\u0627\u062a\u0641 \u0644\u0645 \u062a\u0633\u062a\u0644\u0645 \u0627\u0644\u0628\u0627\u062a\u0634 \u0627\u0644\u0623\u0645\u0646\u064a \u0644\u063a\u0644\u0642 \u0627\u0644\u062b\u063a\u0631\u0629\n\n\u26a0\ufe0f \u0646\u062d\u0630\u0631 \u0645\u0646 \u062a\u0634\u063a\u064a\u0644 \u0645\u0642\u0627\u0637\u0639 \u0627\u0644\u0641\u064a\u062f\u064a\u0648 \u0639\u0628\u0631 \u0647\u0648\u0627\u062a\u0641 \u0627\u0646\u062f\u0631\u0648\u064a\u062f \u062d\u062a\u064a \u0627\u0633\u062a\u0644\u0627\u0645 \u0627\u0644\u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0623\u0645\u0646\u064a \u0644\u0644\u062b\u063a\u0631\u0629 ( CVE-2019-2107)", "creation_timestamp": "2019-07-26T18:50:19.000000Z"}, {"uuid": "d31108c2-7603-46ba-b442-1921f71b0830", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-2107", "type": "seen", "source": "https://t.me/cveNotify/308", "content": "\ud83d\udea8 #CVE-2019-2107\nIn ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for e... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2107\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2019-07-08T21:00:10.000000Z"}, {"uuid": "ad557bbe-eb46-4628-b870-a21eb751c2cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-2107", "type": "published-proof-of-concept", "source": "https://t.me/HackerOne/2721", "content": "https://github.com/marcinguy/CVE-2019-2107", "creation_timestamp": "2020-09-03T05:33:53.000000Z"}, {"uuid": "3aa676ba-eb24-46e8-bac8-f511efd047aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-2107", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/235", "content": "Story wrap-up about PoC CVE-2019-2107 with the comments from PoC author and Google.\n\n\u25aa\ufe0f Google - vulnerability wasn't exploited in the wild yet\n\u25aa\ufe0f PoC author - exploit wouldn't work if the video will be shared on Facebook, YouTube, Instagram...because of encoding\nhttps://thenextweb.com/security/2019/07/24/google-android-vulnerability-malicious-video/", "creation_timestamp": "2019-07-24T16:41:31.000000Z"}, {"uuid": "b822515e-25e4-4391-b768-1310f53e9763", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-2107", "type": "published-proof-of-concept", "source": "https://t.me/SecLabNews/5456", "content": "\u0412 \u041e\u0421 Android \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2019-2107) \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 Android \u043e\u0442 7.0 \u0434\u043e 9.0 (Nougat, Oreo \u0438 Pie) \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043a\u043e\u0434 \u0431\u0435\u0437 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043f\u0440\u0430\u0432. \u042d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d \u043d\u0430 GitHub \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u041c\u0430\u0440\u0446\u0438\u043d\u043e\u043c \u041a\u043e\u0437\u043b\u043e\u0432\u0441\u043a\u0438 (Marcin Kozlowski).    \n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Android \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0432\u0438\u0434\u0435\u043e", "creation_timestamp": "2019-07-26T14:40:20.000000Z"}, {"uuid": "6378135d-cdb5-4c60-b88a-a5b9dd14bd39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-2107", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/234", "content": "Looks like someone successfully created PoC for Android CVE-2019-2107 RCE\n\nPoC: You can own the mobile by viewing a video with payload. Should works on Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.\nhttps://github.com/marcinguy/CVE-2019-2107", "creation_timestamp": "2019-07-23T15:50:17.000000Z"}, {"uuid": "c1251b21-c1cd-42da-848c-cb5f39ebd715", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-2107", "type": "seen", "source": "Telegram/eDEOt4ahQp4UCBchWwkxRKn8ZDXET6w2Zzi2wlaaMfv0yRY", "content": "", "creation_timestamp": "2019-07-26T18:49:56.000000Z"}, {"uuid": "0e7f2c24-3dc6-47cc-bae4-0794448f8ae2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-2107", "type": "seen", "source": "Telegram/r7r7HKdCAJCxBQ64x4-Qos0CYSZzP-Y9DHq2mbvhfc75Zg", "content": "", "creation_timestamp": "2019-08-07T02:08:13.000000Z"}]}