CVE-2017-0813

HIGH

Android 7.0, 7.1.1, 7.1.2 - Denial of Service in Media Framework

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-0813. PoCs published by codecat007.

AI-analyzed exploit summary The repository contains a detailed AddressSanitizer (ASAN) error log demonstrating a memory corruption vulnerability (alloc-dealloc-mismatch) in Android's Stagefright library, specifically in the MPEG4Extractor component. The log provides a stack trace and technical details about the vulnerability, but no functional exploit code is present.

Description

A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046.

Exploits (1)

github WRITEUP 8 stars

by codecat007 · cpoc

https://github.com/codecat007/cvehub/tree/main/android/CVE-2017-0813

View Code ZIP pw:eip

The repository contains a detailed AddressSanitizer (ASAN) error log demonstrating a memory corruption vulnerability (alloc-dealloc-mismatch) in Android's Stagefright library, specifically in the MPEG4Extractor component. The log provides a stack trace and technical details about the vulnerability, but no functional exploit code is present.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Theoretical

Target: Android Stagefright (libstagefright)

No auth needed

Prerequisites: Malformed MP4 file to trigger the vulnerability

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Vendor Advisory x_refsource_confirm

https://source.android.com/security/bulletin/pixel/2017-10-01

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/101151

Issue Tracking, Patch, Vendor Advisory x_refsource_confirm

https://android.googlesource.com/platform/frameworks/av/+/7fa3f552a6f34ed05c15e64ea30b8eed53f77a41

Scores

CVSS v3 7.5

EPSS 0.0038

EPSS Percentile 59.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-772

Status published

Products (7)

google/android 7.0

google/android 7.1.0

google/android 7.1.1

google/android 7.1.2

Google Inc./Android 7.0

Google Inc./Android 7.1.1

Google Inc./Android 7.1.2

Published Oct 04, 2017

Tracked Since Feb 18, 2026