CVE-2017-13279

MEDIUM Year: 2017
CVSS v3 Score
5.5
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-834
View all →

Vulnerability Description

In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399439.

Related Vulnerabilities

CVE-2017-0775

MEDIUM
CVSS:5.5(Medium)

A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179.

CWE-8342017

CVE-2017-11549

MEDIUM
CVSS:5.5(Medium)

The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mid file. NOTE: CPU consumption might be r...

CWE-8342017

CVE-2017-9253

MEDIUM
CVSS:5.5(Medium)

The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a craf...

CWE-8342017

CVE-2017-9254

MEDIUM
CVSS:5.5(Medium)

The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a craf...

CWE-8342017

CVE-2017-9255

MEDIUM
CVSS:5.5(Medium)

The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a craf...

CWE-8342017

CVE-2017-9256

MEDIUM
CVSS:5.5(Medium)

The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a craf...

CWE-8342017