CVE-2017-13313

Published Nov 15, 2024

Last updated 4 months ago

CVSS medium 6.5

Overview

Description: In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
Source: security@android.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-835
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295"
          },
          {
            "criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807"
          },
          {
            "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"
          },
          {
            "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C"
          },
          {
            "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C"
          },
          {
            "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"
          },
          {
            "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References