What is CVE-2017-18675?

CVE-2017-18675 is a high-severity vulnerability in Google Android, classified under Missing Release of Resource after Effective Lifetime. CVSS score: 7.5/10. Published 2020-04-07.

How severe is CVE-2017-18675?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Google Android

CVE-2017-18675

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) (Exynos7420 or Exynox8890 chipsets) software. The Camera application can leak uninitialized memory via ion. The Samsung ID is SVE-2016-6989 (April 2017).

EPSS: 0.004 (33.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Google Android — versions 6.0, 7.0, 7.1.0
Samsung Exynos_7420
Samsung Exynox_8890
N/a — versions n/a

Weakness classification (CWE)

CWE-772 — Missing Release of Resource after Effective Lifetime

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2017-18675?: CVE-2017-18675 is a high-severity vulnerability in Google Android, classified under Missing Release of Resource after Effective Lifetime. CVSS score: 7.5/10. Published 2020-04-07.
How severe is CVE-2017-18675?: High severity. CVSS v3 base score is 7.5 out of 10.