| Vulnerability Name: | CVE-2017-0478 (CCN-123034) | ||||||||||||
| Assigned: | 2016-11-29 | ||||||||||||
| Published: | 2017-03-06 | ||||||||||||
| Updated: | 2019-10-03 | ||||||||||||
| Summary: | A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33718716. | ||||||||||||
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2017-0478 Source: CCN Type: Android Open Source Project Android Security BulletinMarch 2017 Source: BID Type: UNKNOWN 96762 Source: CCN Type: BID-96762 Google Android Framesequence Library CVE-2017-0478 Remote Code Execution Vulnerability Source: SECTRACK Type: UNKNOWN 1037968 Source: XF Type: UNKNOWN android-cve20170478-code-exec(123034) Source: MISC Type: UNKNOWN https://github.com/JiounDai/CVE-2017-0478 Source: CONFIRM Type: UNKNOWN https://source.android.com/security/bulletin/2017-03-01 Source: MISC Type: Vendor Advisory https://source.android.com/security/bulletin/2017-03-01.html | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||