Main Vulnerability Database Vulnerabilities #VU37325

Information disclosure in Google Android - CVE-2017-11087

Published: March 30, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37325

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-11087

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android copies the output buffer to an application with the "filled length", which is larger than the output buffer's actual size, leading to an information disclosure problem in the context of mediaserver.

How to mitigate CVE-2017-11087

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/103669
https://source.android.com/security/bulletin/pixel/2018-02-01

Information disclosure in Google Android - CVE-2017-11087

Detailed vulnerability description

How to mitigate CVE-2017-11087

Sources

Please verify you're human