CVE-2017-13199Improper Handling of Exceptional Conditions in INC Android

CWE-755Improper Handling of Exceptional Conditions4 documents4 sources
Severity
7.5HIGHNVD
EPSS
3.2%
top 12.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google INC AndroidGoogle Android
Timeline
PublishedJan 12
Latest updateMay 13

Description

In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a java.io.IOException later on. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-33846679.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDgoogle/android8.0, 8.1+1
CVEListV5google_inc/android8.0, 8.1+1

Patches

Patch: source.android.comPatch: source.android.com

🔴Vulnerability Details

2
GHSA
GHSA-w77x-qj4r-hv89: In Bitmap2022-05-13
CVEList
CVE-2017-13199: In Bitmap2018-01-12

📋Vendor Advisories

1
Android
CVE-2017-13199: Android Security Bulletin 2018-01-01 CVE: CVE-2017-13199 Severity: HIGH Type: DoS Affected AOSP versions: 82018-01-01
CVE-2017-13199 — Google INC Android vulnerability | cvebase