CVE-2017-0405

HIGH

Android 7.0, 7.1.1 - Remote Code Execution via Surfaceflinger Media File Processing

Title source: llm

Description

A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1037798

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/96048

Vendor Advisory x_refsource_confirm

https://source.android.com/security/bulletin/2017-02-01.html

Scores

CVSS v3 7.8

EPSS 0.0052

EPSS Percentile 66.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (5)

google/android 7.0

google/android 7.1.0

google/android 7.1.1

Google Inc./Android Android-7.0

Google Inc./Android Android-7.1.1

Published Feb 08, 2017

Tracked Since Feb 18, 2026