CVE-2017-13267

Name of the Vulnerable Software and Affected Versions: Android versions 6.0 through 8.1

Description: The issue is related to a missing bounds check in the avrc pars vendor cmd function of avrc pars tg.cc, which could lead to stack corruption. This might allow for remote escalation of privilege without needing additional execution privileges. User interaction is not required for exploitation. The problem is due to a buffer overflow in memory, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations: For Android versions 6.0 through 8.1, update to a version that includes the fix for this issue, as specified by the Android ID A-69479009. At the moment, there is no information about a newer version that contains a fix for this vulnerability.