The zero-day flaw resides in the uvc_parse_format function.
Improper parsing of UVC_VS_UNDEFINED pop in frames can cause the buffer size of frames to be miscalculated.
This can potentially allow attackers to execute arbitrary code on a vulnerable Android phone or trigger denial-of-service conditions.
source: www.techworm.net
