7.8
CVE-2017-13194
- EPSS 1.81%
- Veröffentlicht 12.01.2018 23:29:01
- Zuletzt bearbeitet 21.11.2024 03:11:08
- CVE-Watchlists
- Unerledigt
A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.81% | 0.757 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://source.android.com/security/bulletin/pixel/2018-01-01
https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9
https://lists.debian.org/debian-lts-announce/2018/02/msg00025.html
https://usn.ubuntu.com/4199-1/
https://usn.ubuntu.com/4199-2/
https://www.debian.org/security/2018/dsa-4132