Vulnerability Details CVE-2017-13319
In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is not needed for exploitation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.7%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2017-13319
-
cpe:2.3:o:google:android:7.0
-
cpe:2.3:o:google:android:7.1.1
-
cpe:2.3:o:google:android:7.1.2
-
cpe:2.3:o:google:android:8.0
-
cpe:2.3:o:google:android:8.1