CVE-2017-0409
HIGHAndroid 6.0 6.0.1 7.0 7.1.1 - Remote Code Execution in libstagefright
Title source: llmDescription
A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31999646.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037798
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96091
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2017-02-01.html
Scores
CVSS v3
7.8
EPSS
0.0044
EPSS Percentile
63.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
Status
published
Products (9)
google/android
6.0
google/android
6.0.1
google/android
7.0
google/android
7.1.0
google/android
7.1.1
Google Inc./Android
Android-6.0
Google Inc./Android
Android-6.0.1
Google Inc./Android
Android-7.0
Google Inc./Android
Android-7.1.1
Published
Feb 08, 2017
Tracked Since
Feb 18, 2026