CVE-2017-13291

Name of the Vulnerable Software and Affected Versions: Android versions 7.0, 7.1.1, 7.1.2, 8.0, 8.1

Description: The issue is related to a possible NULL pointer dereference due to missing bounds checks in the avrc ctrl pars vendor rsp function of avrc pars ct.cc. This could lead to a remote denial of service, and no additional execution privileges are needed for exploitation. User interaction is not required for exploitation.

Recommendations: For Android versions 7.0, 7.1.1, 7.1.2, 8.0, 8.1, update to a version that includes the fix for Android ID A-71603553 to resolve the issue.