Lucene search

Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd.ANDROID:CVE-2017-13251

HistoryMar 01, 2018 - 12:00 a.m.

CVE-2017-13251

2018-03-0100:00:00

Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd.

www.androidvulnerabilities.org

0.001 Low

EPSS

Percentile

27.1%

JSON

In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when running multi threaded with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69269702.

CPENameOperatorVersion
androidlt7.0
androidlt8.0
androidlt7.1.1
androidlt8.1
androidlt7.1.2
androidlt6.0.1
androidlt6.0

Name	Operator	Version
android	lt	7.0
android	lt	8.0
android	lt	7.1.1
android	lt	8.1
android	lt	7.1.2
android	lt	6.0.1
android	lt	6.0

References

android.googlesource.com/platform/external/libmpeg2/+/5687dbe62b2785d1b037336eb07e96ab81bddaea

nvd.nist.gov/vuln/data-feeds

source.android.com/security/bulletin/2018-03-01.html

source.android.com/security/overview/acknowledgements

0.001 Low

EPSS

Percentile

27.1%

JSON

Related for ANDROID:CVE-2017-13251