CVE-2017-13228 — Out-of-bounds Write in INC Android

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 36.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google INC Android Google Android

Timeline

PublishedFeb 12

Latest updateMay 14

Description

In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478425.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDgoogle/android7 versions+6

▶CVEListV5google_inc/android7 versions+6

🔴Vulnerability Details

GHSA

GHSA-fxfr-mrqw-xqqw: In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character↗2022-05-14

▶

CVEList

CVE-2017-13228: In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character↗2018-02-12

▶

📋Vendor Advisories

Android

CVE-2017-13228: Android Security Bulletin 2018-02-01 CVE: CVE-2017-13228 Severity: CRITICAL Type: RCE Affected AOSP versions: 6↗2018-02-01

▶