| Vulnerability Name: | CVE-2017-0591 (CCN-126556) | ||||||||||||||||
| Assigned: | 2016-11-29 | ||||||||||||||||
| Published: | 2017-05-01 | ||||||||||||||||
| Updated: | 2017-05-19 | ||||||||||||||||
| Summary: | A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34097672. | ||||||||||||||||
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||||||||||
| Vulnerability Type: | CWE-119 | ||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||
| References: | Source: CCN Type: Google Web site Android Source: MITRE Type: CNA CVE-2017-0591 Source: BID Type: Third Party Advisory, VDB Entry 98124 Source: CCN Type: BID-98124 Google Android Mediaserver CVE-2017-0591 Remote Code Execution Vulnerability Source: CONFIRM Type: Issue Tracking, Patch, Third Party Advisory https://android.googlesource.com/platform/external/libavc/+/5c3fd5d93a268abb20ff22f26009535b40db3c7d Source: XF Type: UNKNOWN android-cve20170591-code-exec(126556) Source: CCN Type: Android Open Source Project Android Security BulletinMay 2017 Source: CONFIRM Type: Patch, Vendor Advisory https://source.android.com/security/bulletin/2017-05-01 | ||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||