Information Disclosure Vulnerability in NVIDIA Widevine on Android
CVE-2018-6246

5.3MEDIUM

Key Information:

Vendor: Nvidia
Status: Android
Vendor: CVE Published:; 7 May 2018

Summary

A vulnerability exists in the NVIDIA Widevine Trustlet for Android devices prior to the May 2018 security patch. This weakness allows the software to read data beyond the boundaries of allocated buffers, potentially leading to unauthorized information disclosure. This issue affects a range of Android devices and poses a risk of exposing sensitive data to attackers, necessitating prompt updates to the latest security patches.

Affected Version(s)

Android NA

References

https://source.android.com/security/bulletin/pixel/2018-0...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 7, 2018
Vulnerability Reserved
Jan 25, 2018