CVE-2017-0478

HIGH

Android 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 - Remote Code Execution via Framesequence Library

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-0478. PoCs published by likekabin, bingghost.

Description

A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33718716.

Exploits (2)

nomisec WORKING POC
by likekabin · poc
https://github.com/likekabin/CVE-2017-0478

This repository contains a functional proof-of-concept exploit for CVE-2017-0478, a vulnerability in Android's FrameSequence library. The PoC includes Java code to trigger the vulnerability by decoding a malformed WebP file, demonstrating the issue in the FrameSequence_webp.cpp component.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Android (AOSP FrameSequence library)
No auth needed
Prerequisites: Android device with vulnerable FrameSequence library · Malformed WebP file
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by bingghost · poc
https://github.com/bingghost/CVE-2017-0478

This repository contains a functional proof-of-concept for CVE-2017-0478, a vulnerability in Android's FrameSequence library related to WebP image handling. The PoC includes Java code to test animated WebP and GIF sequences, demonstrating the vulnerability by leveraging the FrameSequenceDrawable class.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Android (FrameSequence library)
No auth needed
Prerequisites: Android device with vulnerable FrameSequence library · Ability to load malicious WebP/GIF files
devstral-2 · analyzed Feb 18, 2026

References (5)

Core References
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2017-03-01
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037968
Various Sources x_refsource_misc
https://github.com/JiounDai/CVE-2017-0478
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96762

Scores

CVSS v3 7.8
EPSS 0.0646
EPSS Percentile 91.3%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published
Products (17)
google/android 5.0
google/android 5.0.1
google/android 5.0.2
google/android 5.1
google/android 5.1.0
google/android 5.1.1
google/android 6.0
google/android 6.0.1
google/android 7.0
google/android 7.1.0
... and 7 more
Published Mar 08, 2017
Tracked Since Feb 18, 2026