9.3

CVE-2017-0716

A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37203196.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version6.0
GoogleAndroid Version6.0.1
GoogleAndroid Version7.0
GoogleAndroid Version7.1.0
GoogleAndroid Version7.1.1
GoogleAndroid Version7.1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.504
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

http://www.securityfocus.com/bid/100204
Third Party Advisory
VDB Entry