CVE-2017-10904

Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
jpcertCNA
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qt4-x11
artful
ignored
zesty
ignored
xenial
ignored
trusty
ignored
qtbase-opensource-src
artful
ignored
zesty
ignored
xenial
ignored
trusty
dne
Common Weakness Enumeration
References
https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/
https://jvn.jp/en/jp/JVN67389262/index.html
https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/
https://jvn.jp/en/jp/JVN67389262/index.html