CVE-2017-0538

HIGH

Android 6.0 6.0.1 7.0 7.1.1 - Remote Code Execution in libavc via Crafted Media File

Title source: llm

Description

A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588.

References (4)

Core 4

Core References

Vendor Advisory x_refsource_confirm

https://source.android.com/security/bulletin/2017-04-01

Issue Tracking, Patch, Third Party Advisory x_refsource_confirm

https://android.googlesource.com/platform/external/libavc/+/494561291a503840f385fbcd11d9bc5f4dc502b8

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/97330

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1038201

Scores

CVSS v3 7.8

EPSS 0.0025

EPSS Percentile 47.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (9)

google/android 6.0

google/android 6.0.1

google/android 7.0

google/android 7.1.0

google/android 7.1.1

Google Inc./Android Android-6.0

Google Inc./Android Android-6.0.1

Google Inc./Android Android-7.0

Google Inc./Android Android-7.1.1

Published Apr 07, 2017

Tracked Since Feb 18, 2026