Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.
The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.