Out of Bounds Read Vulnerability in HeifDecoder Implementation Affecting Google Pixel Devices
CVE-2017-13318

5.7MEDIUM

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 28 January 2025

What is CVE-2017-13318?

The vulnerability arises from an out of bounds read in the HeifDataSource::readAt function within HeifDecoderImpl.cpp. This flaw is caused by an integer overflow, potentially allowing remote information disclosure. While this issue does not require any special execution privileges, it does need user interaction for exploitation, making it important for users to be vigilant.

Affected Version(s)

Android Android Kernel

References

https://source.android.com/security/bulletin/pixel/2018-0...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 28, 2025
Vulnerability Reserved
Aug 23, 2017