CVE-2017-13318

MEDIUM

Android - Remote Information Disclosure via Integer Overflow in HeifDataSource::readAt

Title source: llm
STIX 2.1

Description

In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

References (1)

Core 1
Core References

Scores

CVSS v3 5.7
EPSS 0.0013
EPSS Percentile 3.1%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-125 CWE-190
Status published
Products (1)
google/android 8.1
Published Jan 28, 2025
Tracked Since Feb 18, 2026