How severe is CVE-2017-8159?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2017-8159?

This is classified as CWE-704, which is a common weakness in software security.

CVE-2017-8159 - HIGH Severity | CVSS 7.8

Vulnerability Description

Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it later accesses that variable using a type that is different with the original type when do certain register operation. Successful exploit could result in buffer overflow then may cause malicious code execution.

Related Vulnerabilities

CVE-2014-9627

HIGH

CVSS:7.8(High)

The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows rem...

CWE-7042014

CVE-2016-4709

HIGH

CVSS:7.8(High)

WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710.

CWE-7042016

CVE-2016-4710

HIGH

CVSS:7.8(High)

WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709.

CWE-7042016

CVE-2016-7617

HIGH

CVSS:7.8(High)

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context...

CWE-7042016

CVE-2016-7655

HIGH

CVSS:7.8(High)

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreMedia External Displays" component. It allows local users ...

CWE-7042016

CVE-2016-8602

HIGH

CVSS:7.8(High)

The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript...

CWE-7042016