CVE-2017-13195

Name of the Vulnerable Software and Affected Versions Android versions 5.1.1 through 8.1

Description The issue is related to the ihevcd parse sps function in ihevcd parse headers.c, which can enter an infinite loop due to negative parameter values leading to negative indexes. This can cause a remote denial of service of a critical system process without requiring additional execution privileges. User interaction is not needed for exploitation.

Recommendations For Android versions 5.1.1 through 8.1, consider restricting access to the ihevcd parse sps function in ihevcd parse headers.c to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.