CVE-2017-13313

NVD

https://nvd.nist.gov/vuln/detail/CVE-2017-13313

CWE

https://cwe.mitre.org/data/definitions/835.html

In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name	Vendor	Start Version	End Version
Android	Google	6.0 (including)	6.0 (including)
Android	Google	6.0.1 (including)	6.0.1 (including)
Android	Google	7.0 (including)	7.0 (including)
Android	Google	7.1.1 (including)	7.1.1 (including)
Android	Google	7.1.2 (including)	7.1.2 (including)
Android	Google	8.0 (including)	8.0 (including)
Android	Google	8.1 (including)	8.1 (including)

References

https://source.android.com/security/bulletin/2018-05-01

Loop with Unreachable Exit Condition ('Infinite Loop')

Weakness

Affected Software

References