Home > Vulnerability Database > CVE-2017-13313

Mend.io Vulnerability Database

CVE-2017-13313

Date: November 15, 2024

In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

Language: C++

Severity Score

7.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-13313

Url: https://android.googlesource.com/platform/frameworks/av/+/4b3b618144050d80dbaa0228797b021d5df5e919

Url: https://source.android.com/security/bulletin/2018-05-01

Url: https://www.mend.io/vulnerability-database/CVE-2017-13313

Severity Score

7.5

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2017-13313

Date: November 15, 2024

Language: C++

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?