Vulnerability Details : CVE-2017-18281
A bool variable in Video function, which gets typecasted to int before being read could result in an out of bound read access in all Android releases from CAF using the linux kernel
Products affected by CVE-2017-18281
- cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-18281
0.02%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 4 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-18281
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
|
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2017-18281
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-18281
-
http://www.securitytracker.com/id/1041432
Google Android Multiple Flaws Let Remote Users Execute Arbitrary Code and Let Applications Gain Elevated Privileges and Obtain Potentially Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
-
https://www.codeaurora.org/security-bulletin/2018/10/01/october-2018-code-aurora-security-bulletin
October 2018 Code Aurora Security Bulletin - Code AuroraPatch;Third Party Advisory
Jump to