CVE-2017-17773
high-risk
Published 2018-03-15
In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD 210/SD 212/SD 205,SD 400,SD 410/12,SD 425,SD 430,SD 450,SD 600,SD 602A,SD 615/16/SD 415,SD 617,SD 625,SD 650/52,SD 800,SD 808,SD 810,SD 820,SD 820Am,SD 835,SD 845,MSM8909W, improper input validation in video_fmt_mp4r_process_atom_avc1() causes a potential buffer overflow.
Do I need to act?
-
0.56% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
S820Am Firmware
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/bid/103292
Third Party Advisory
https://source.android.com/security/bulletin/2018-03-01
Third Party Advisory
http://www.securityfocus.com/bid/103292
Third Party Advisory
https://source.android.com/security/bulletin/2018-03-01
56
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
2/34 · Minimal
Exposure
22/34 · High