CVE Vulnerabilities

CVE-2017-13192

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: Jan 12, 2018 | Modified: Oct 03, 2019
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
7.8 HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3
Ubuntu

In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380202.

Weakness

The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name Vendor Start Version End Version
Android Google 5.1.1 5.1.1
Android Google 6.0 6.0
Android Google 6.0.1 6.0.1
Android Google 7.0 7.0
Android Google 7.1.1 7.1.1
Android Google 7.1.2 7.1.2
Android Google 8.0 8.0
Android Google 8.1 8.1

References