Hevc Codec Out-of-Bounds Write Vulnerability in Android

Hevc Codec Out-of-Bounds Write Vulnerability in Android

CVE-2017-13230 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65483665.

Learn more about our Cis Benchmark Audit For Google Android.