CVE-2017-0381Integer Overflow or Wraparound in INC Android

CWE-190Integer Overflow or Wraparound13 documents8 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 66.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Wikepage OpusDebian OpusApple IOS+5 more
Timeline
PublishedJan 12
Latest updateMay 13

Description

An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages9 packages

NVDgoogle/android10 versions+9
CVEListV5google_inc/android6 versions+5
debiandebian/opus< opus 1.2~alpha2-1 (bookworm)
Debianwikepage/opus< 1.2~alpha2-1+3

Patches

Patch: android.googlesource.comPatch: android.googlesource.com

🔴Vulnerability Details

2
GHSA
GHSA-28h8-v6gp-mwgv: An information disclosure vulnerability in silk/NLSF_stabilize2022-05-13
OSV
CVE-2017-0381: An information disclosure vulnerability in silk/NLSF_stabilize2017-01-12

📋Vendor Advisories

7
Apple
CVE-2017-0381: macOS High Sierra 10.132017-09-25
Apple
CVE-2017-0381: tvOS 112017-09-19
Apple
CVE-2017-0381: watchOS 42017-09-19
Apple
CVE-2017-0381: iOS 112017-09-19
Red Hat
opus: Memory corruption during media file and data processing2017-01-12

💬Community

3
Bugzilla
CVE-2017-0381 opus: Memory corruption during media file and data processing2017-01-16
Bugzilla
CVE-2017-0381 opus: Memory corruption during media file and data processing [fedora-all]2017-01-16
Bugzilla
CVE-2017-0381 opus: Memory corruption during media file and data processing [epel-all]2017-01-16