How severe is CVE-2017-14885?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2017-14885?

This is classified as CWE-119, which is a common weakness in software security.

CVE-2017-14885

HIGH Year: 2017

CVSS v3 Score

7.8

High

CVSS v2 Score

7.2

High

Weakness Type

CWE-119

View all →

Vulnerability Description

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, wma_unified_link_peer_stats_event_handler function has a variable num_rates which represents the sum of all the peer_stats->num_rates. The current behavior in this function is to validate only the num_rates of the first peer stats (peer_stats->num_rates) against WMA_SVC_MSG_MAX_SIZE, but not the sum of all the peer's num_rates (num_rates) which may lead to a buffer overflow when the firmware buffer is copied in to the allocated buffer (peer_stats) as the size for the memory allocation - link_stats_results_size is based on num_rates.

CVE-2007-6761

HIGH

CVSS:7.8(High)

drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf...

CWE-1192007

CVE-2009-0658

HIGH

CVSS:7.8(High)

Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call an...

CWE-1192009

CVE-2009-4004

HIGH

CVSS:7.8(High)

Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc7 allows local users to cause a denial of service (memory co...

CWE-1192009

CVE-2010-0036

HIGH

CVSS:7.8(High)

Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file.

CWE-1192010

CVE-2010-1816

HIGH

CVSS:7.8(High)

Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a cr...

CWE-1192010

CVE-2010-3081

HIGH

CVSS:7.8(High)

The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit...

CWE-1192010

CVE-2017-14885

Vulnerability Description

Related Vulnerabilities

CVE-2007-6761

CVE-2009-0658

CVE-2009-4004

CVE-2010-0036

CVE-2010-1816

CVE-2010-3081