CVE-2017-0400

EUVD-2017-0754
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32584034.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
googleandroid
4.0
googleandroid
4.0.1
googleandroid
4.0.2
googleandroid
4.0.3
googleandroid
4.0.4
googleandroid
4.1
googleandroid
4.1.2
googleandroid
4.2
googleandroid
4.2.1
googleandroid
4.2.2
googleandroid
4.3
googleandroid
4.3.1
googleandroid
4.4
googleandroid
4.4.1
googleandroid
4.4.2
googleandroid
4.4.3
googleandroid
5.0
googleandroid
5.0.1
googleandroid
5.1
googleandroid
5.1.0
googleandroid
6.0
googleandroid
6.0.1
googleandroid
7.0
googleandroid
7.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/95226
https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac
https://source.android.com/security/bulletin/2017-01-01.html
http://www.securityfocus.com/bid/95226
https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac
https://source.android.com/security/bulletin/2017-01-01.html