CVE-2017-13319 (High) detected in avandroid-10.0.0_r37
Opened this issue · 2 comments
CVE-2017-13319 - High Severity Vulnerability
Vulnerable Library - avandroid-10.0.0_r37
Library home page: https://android.googlesource.com/platform/frameworks/av
Found in HEAD commit: 3817576ceacd1f81d53c0f1b5eec2a5cbecff7c3
Found in base branch: master
Vulnerable Source Files (3)
/media/libstagefright/codecs/mp3dec/src/pvmp3_decode_header.cpp
/media/libstagefright/codecs/mp3dec/src/pvmp3_decode_header.cpp
/media/libstagefright/codecs/mp3dec/src/pvmp3_decode_header.cpp
Vulnerability Details
Google Android 6.0 and 6.0.1 before 2018-05-05, is prone to a high severity denial-of-service vulnerability in the media framework component. AKA Android internal bug 71868329. NOTE: The 2018-05-05 patch level applies to Pixel and Nexus devices only.
Publish Date: 2019-01-01
URL: CVE-2017-13319
CVSS 3 Score Details (8.2)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://source.android.com/security/bulletin/pixel/2018-05-01
Release Date: 2019-01-01
Fix Resolution: android-8.1.0_r30
Step up your Open Source Security Game with Mend here
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
ℹ️ This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.