CVE-2017-13225Improper Restriction of Operations within the Bounds of a Memory Buffer in INC Android

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 57.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google INC Android
Timeline
PublishedJan 12
Latest updateMay 14

Description

In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38308024. References: M-ALPS03495789.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

CVEListV5google_inc/androidAndroid kernel

Patches

Patch: source.android.comPatch: source.android.com

🔴Vulnerability Details

2
GHSA
GHSA-p6gh-j83q-hr82: In libMtkOmxVdec2022-05-14
CVEList
CVE-2017-13225: In libMtkOmxVdec2018-01-12
CVE-2017-13225 — Google INC Android vulnerability | cvebase