CVE Vulnerabilities

CVE-2017-13195

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: Jan 12, 2018 | Modified: Oct 03, 2019
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
7.8 HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3
Ubuntu

In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65398821.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name Vendor Start Version End Version
Android Google 7.1.2 7.1.2
Android Google 6.0.1 6.0.1
Android Google 6.0 6.0
Android Google 7.0 7.0
Android Google 8.0 8.0
Android Google 5.1.1 5.1.1
Android Google 7.1.1 7.1.1
Android Google 8.1 8.1

References