CVE-2017-18130
Description
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, while playing an ASF file, a buffer over-read can potentially occur.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer over-read in ASF file parsing on Qualcomm Snapdragon chips could lead to information disclosure.
Vulnerability
A buffer over-read vulnerability exists in Android's handling of ASF (Advanced Systems Format) files on multiple Qualcomm Snapdragon chipsets, including MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, and SD 845. The issue occurs when playing a crafted ASF file and can be triggered without special permissions. Affected are Android versions before the 2018-04-05 security patch level [1].
Exploitation
An attacker can exploit this vulnerability by convincing a user to play a malicious ASF file, for example, through a media player or messaging application. No authentication or elevated privileges are required; the attack vector is local and user interaction is necessary [1].
Impact
Successful exploitation could lead to an information disclosure from the device's memory, potentially exposing sensitive data. The buffer over-read may allow an attacker to read beyond the intended memory bounds [1].
Mitigation
The vulnerability is fixed in the Android security patch level of 2018-04-05. Users should ensure their devices are updated to this patch or later. No workarounds are available, but applying the patch fully mitigates the issue [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Qualcomm, Inc./Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wearv5Range: MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/103671mitrevdb-entryx_refsource_BID
- source.android.com/security/bulletin/2018-04-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.