{
  "id": "CVE-2017-11087",
  "sourceIdentifier": "product-security@qualcomm.com",
  "published": "2018-03-30T21:29:00.293",
  "lastModified": "2018-04-25T15:00:32.783",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android copies the output buffer to an application with the \"filled length\", which is larger than the output buffer's actual size, leading to an information disclosure problem in the context of mediaserver."
    },
    {
      "lang": "es",
      "value": "libOmxVenc en Android for MSM, Firefox OS for MSM y QRD Android copia el b\u00fafer de salida a una aplicaci\u00f3n con una longitud mayor al tama\u00f1o real del b\u00fafer de salida, lo que provoca un problema de fuga de informaci\u00f3n en el contexto del mediaserver."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/103669",
      "source": "product-security@qualcomm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://source.android.com/security/bulletin/pixel/2018-02-01",
      "source": "product-security@qualcomm.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}