{ "name": "CVE-2017-13250", "CVE": [ [ "CVE-2017-13250", "Bulletin-CVE-2017-13250" ] ], "Coordinated_disclosure": "unknown", "Categories": [ "Media framework" ], "Details": [ [ "In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of bound write due to a missing out of bounds check because of a multiplication error. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71375536.", "NIST-CVE-2017-13250" ] ], "Discovered_on": [], "Discovered_by": [], "Submission": [ { "by": "dcc52", "on": "2019-07-25" } ], "Reported_on": [ [ "2018-03-01", "Bulletin-CVE-2017-13250" ] ], "Fixed_on": [ [ "2017-12-27", "A-71375536" ] ], "Fix_released_on": [ [ "2018-03-05", "Bulletin-CVE-2017-13250" ] ], "Affected_versions": [ [ "6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1", "Bulletin-CVE-2017-13250" ] ], "Affected_devices": [], "Affected_versions_regexp": [ "(6\\.0\\.[0-9])|(6\\.0\\.1)|(7\\.0\\.[0-9])|(7\\.1\\.1)|(7\\.1\\.2)|(8\\.0\\.[0-9])|(8\\.1\\.[0-9])" ], "Affected_manufacturers": [ [ "all", "Bulletin-CVE-2017-13250" ] ], "Fixed_versions": [ [ "6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1", "Bulletin-CVE-2017-13250" ] ], "Fixed_versions_regexp": [ "(6\\.0\\.[0-9])|(6\\.0\\.1)|(7\\.0\\.[0-9])|(7\\.1\\.1)|(7\\.1\\.2)|(8\\.0\\.[0-9])|(8\\.1\\.[0-9])" ], "references": { "A-71375536": { "url": "https://android.googlesource.com/platform/external/libavc/+/a7f41c5d3425dbd89da38a4aa8398cf7351406e8" }, "NIST-CVE-2017-13250": { "url": "https://nvd.nist.gov/vuln/data-feeds" }, "Bulletin-CVE-2017-13250": { "url": "https://source.android.com/security/bulletin/2018-03-01.html" } }, "Surface": [ "remote" ], "Vector": [ "memory-corruption" ], "Target": [ "system-component" ], "Channel": [ "file-placement" ], "Condition": [ "malicious-file-viewed" ], "Privilege": [ "user" ], "CWE": [ [ "CWE-787", "NIST-CVE-2017-13250" ] ] }