CVE-2017-13151

A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63874456.

Weakness

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

Affected Software

Name	Vendor	Start Version	End Version
Android	Google	6.0 (including)	6.0 (including)
Android	Google	6.0.1 (including)	6.0.1 (including)
Android	Google	7.0 (including)	7.0 (including)
Android	Google	7.1.1 (including)	7.1.1 (including)
Android	Google	7.1.2 (including)	7.1.2 (including)
Android	Google	8.0 (including)	8.0 (including)

Potential Mitigations

Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).

NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-13151
CWE	https://cwe.mitre.org/data/definitions/682.html

Incorrect Calculation

Weakness

Affected Software

Potential Mitigations

References

CVE-2017-13151

Incorrect Calculation

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References