CVE-2017-13194

HIGH

Android 7.0-8.1 - Denial of Service via Odd Frame Width in libvpx

Title source: llm
STIX 2.1

Description

A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201.

References (6)

Core 6
Core References
Patch, Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/pixel/2018-01-01
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/02/msg00025.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4132
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4199-1/
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4199-2/

Scores

CVSS v3 7.5
EPSS 0.0181
EPSS Percentile 75.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (11)
debian/debian_linux 7.0
debian/debian_linux 8.0
debian/debian_linux 9.0
google/android 5.1.1
google/android 6.0
google/android 6.0.1
google/android 7.0
google/android 7.1.1
google/android 7.1.2
google/android 8.0
... and 1 more
Published Jan 12, 2018
Tracked Since Feb 18, 2026