CVE-2017-0663

MEDIUM

Description

A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.

References

http://www.debian.org/security/2017/dsa-3952

http://www.securityfocus.com/bid/98877

http://www.securitytracker.com/id/1038623

https://security.gentoo.org/glsa/201711-01

https://source.android.com/security/bulletin/2017-06-01

Details

Source: MITRE

Published: 2017-06-14

Updated: 2017-11-11

Type: CWE-284

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH