Out of Bounds Read Vulnerability in HeifDecoder Implementation by Android
CVE-2017-13317

5.7MEDIUM

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 28 January 2025

Summary

The HeifDecoder implementation in Android is susceptible to an out-of-bounds read due to inadequate input validation in the HeifDecoderImpl::getScanline function. This flaw could allow remote attackers to access sensitive information without requiring additional execution privileges. Successful exploitation necessitates user interaction, underscoring the need for vigilance in handling media content.

Affected Version(s)

Android Android Kernel

References

https://source.android.com/security/bulletin/pixel/2018-0...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 28, 2025
Vulnerability Reserved
Aug 23, 2017