PT-2017-3575 · Google · Android

Hamsalekha S

Published

2017-07-04

Updated

2018-01-25

CVE-2017-13203

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Android versions 7.0, 7.1.1, 7.1.2, 8.0, 8.1

Description: The issue is related to insufficient state checking in the libavc component of the Android Media Framework. This can be exploited by a remote attacker to disclose protected information or cause a denial of service.

Recommendations: For Android versions 7.0, 7.1.1, 7.1.2, 8.0, 8.1, update to a version that includes the fix for the information disclosure vulnerability in the media framework.

Fix

Improper Check for Exceptional Conditions

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-754CWE-200

Related Identifiers

BDU:2018-00501

CVE-2017-13203

Affected Products

Android

PT-2017-3575 · Google · Android

CVE-2017-13203

Weakness Enumeration

Related Identifiers

Affected Products

References · 5