exploitDog

CVE-2017-11087

Опубликовано: 30 мар. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android copies the output buffer to an application with the "filled length", which is larger than the output buffer's actual size, leading to an information disclosure problem in the context of mediaserver.

Ссылки

http://www.securityfocus.com/bid/103669
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/pixel/2018-02-01
Vendor Advisory
http://www.securityfocus.com/bid/103669
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/pixel/2018-02-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.00111

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-5wg8-3j49-pwq7

CVSS3: 7.5

github

больше 3 лет назад

libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android copies the output buffer to an application with the "filled length", which is larger than the output buffer's actual size, leading to an information disclosure problem in the context of mediaserver.

EPSS

Процентиль: 30%

0.00111

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200