7.5

CVE-2017-11087

EPSS 0.11%
Veröffentlicht 30.03.2018 21:29:00
Zuletzt bearbeitet 21.11.2024 03:07:04
Quelle product-security@qualcomm.com
CVE-Watchlists
Login
Unerledigt
Login

libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android copies the output buffer to an application with the "filled length", which is larger than the output buffer's actual size, leading to an information disclosure problem in the context of mediaserver.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.302

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://source.android.com/security/bulletin/pixel/2018-02-01

Vendor Advisory

http://www.securityfocus.com/bid/103669

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-11087

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-11087

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-11087

EUVD