Lucene search
Chi Zhang and Mingjian Zhou (@Mingjian_Zhou) of C0RE TeamANDROID:CVE-2017-13179HistoryJan 01, 2018 - 12:00 a.m.
CVE-2017-13179
2018-01-0100:00:00
Chi Zhang and Mingjian Zhou (@Mingjian_Zhou) of C0RE Team
www.androidvulnerabilities.org
14
EPSS
0.006
Percentile
78.9%
In the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC, there is a possible out-of-bounds write due to a use after free. Both ps_codec_obj and ps_create_op->s_ivd_create_op_t.pv_handle point to the same memory and ps_codec_obj could be freed without clearing ps_create_op->s_ivd_create_op_t.pv_handle. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969193.
Related
prion
prion
Out-of-bounds
2018-01-12 23:29:00
cvelist
cvelist
CVE-2017-13179
2018-01-12 23:00:00
cve
cve
CVE-2017-13179
2018-01-12 23:29:00
nvd
nvd
CVE-2017-13179
2018-01-12 23:29:00