CVE-2017-0855
HIGHAndroid 5.1.1 6.0 6.0.1 7.0 7.1.1 7.1.2 8.0 - Denial of Service via MPEG4Extractor Memory Leak
Title source: llmDescription
In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64452857.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2018-01-01
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040106
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102414
Scores
CVSS v3
7.5
EPSS
0.0176
EPSS Percentile
75.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-772
Status
published
Products (7)
google/android
5.1.1
google/android
6.0
google/android
6.0.1
google/android
7.0
google/android
7.1.1
google/android
7.1.2
google/android
8.0
Published
Jan 12, 2018
Tracked Since
Feb 18, 2026