CVE-2017-13225 - OpenCVE

In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38308024. References: M-ALPS03495789.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android

Configuration 1 [-]

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/102420
http://www.securitytracker.com/id/1040106
https://source.android.com/security/bulletin/2018-01-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: google_android

Published: 2018-01-12T23:00:00Z

Updated: 2024-09-16T18:54:08.354Z

Reserved: 2017-08-23T00:00:00

Link: CVE-2017-13225

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-01-12T23:29:02.157

Modified: 2018-01-25T14:42:54.447

Link: CVE-2017-13225

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Android", "vendor": "Google Inc.", "versions": [{"status": "affected", "version": "Android kernel"}]}], "datePublic": "2018-01-02T00:00:00", "descriptions": [{"lang": "en", "value": "In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38308024. References: M-ALPS03495789."}], "problemTypes": [{"descriptions": [{"description": "Elevation of privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-13T10:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://source.android.com/security/bulletin/2018-01-01"}, {"name": "1040106", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040106"}, {"name": "102420", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102420"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13225", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Android", "version": {"version_data": [{"version_value": "Android kernel"}]}}]}, "vendor_name": "Google Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38308024. References: M-ALPS03495789."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Elevation of privilege"}]}]}, "references": {"reference_data": [{"name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01"}, {"name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106"}, {"name": "102420", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102420"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:58:12.568Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://source.android.com/security/bulletin/2018-01-01"}, {"name": "1040106", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040106"}, {"name": "102420", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102420"}]}]}, "cveMetadata": {"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13225", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T18:54:08.354Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38308024. References: M-ALPS03495789."}, {"lang": "es", "value": "Hay un posible desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en libMtkOmxVdec.so. Esto podr\u00eda llevar a una elevaci\u00f3n remota de privilegios que permite la ejecuci\u00f3n de c\u00f3digo como proceso privilegiado sin necesitar privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para explotarlo. Producto: Android. Versiones: Android kernel. Android ID: A-38308024. Referencias: M-ALPS03495789."}], "id": "CVE-2017-13225", "lastModified": "2018-01-25T14:42:54.447", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-12T23:29:02.157", "references": [{"source": "security@android.com", "tags": ["VDB Entry", "Third Party Advisory"], "url": "http://www.securityfocus.com/bid/102420"}, {"source": "security@android.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040106"}, {"source": "security@android.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://source.android.com/security/bulletin/2018-01-01"}], "sourceIdentifier": "security@android.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}