CVSS: 5.5EPSS: 0%CPEs: 28EXPL: 0CVE-2017-0547
https://notcve.org/view.php?id=CVE-2017-0547
An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33861560. • http://www.securityfocus.com/bid/97338 http://www.securitytracker.com/id/1038201 https://android.googlesource.com/platform/frameworks/av/+/9667e3eff2d34c3797c3b529370de47b2c1f1bf6 https://source.android.com/security/bulletin/2017-04-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0578
https://notcve.org/view.php?id=CVE-2017-0578
An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33964406. • http://www.securityfocus.com/bid/97358 http://www.securitytracker.com/id/1038201 https://source.android.com/security/bulletin/2017-04-01 •
CVSS: 9.3EPSS: 0%CPEs: 28EXPL: 0CVE-2017-0546
https://notcve.org/view.php?id=CVE-2017-0546
An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763. • http://www.securityfocus.com/bid/97341 http://www.securitytracker.com/id/1038201 https://source.android.com/security/bulletin/2017-04-01 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0550
https://notcve.org/view.php?id=CVE-2017-0550
A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33933140. • http://www.securityfocus.com/bid/97336 http://www.securitytracker.com/id/1038201 https://android.googlesource.com/platform/external/libavc/+/7950bf47b6944546a0aff11a7184947de9591b51 https://source.android.com/security/bulletin/2017-04-01 •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0542
https://notcve.org/view.php?id=CVE-2017-0542
A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721. • http://www.securityfocus.com/bid/97330 http://www.securitytracker.com/id/1038201 https://android.googlesource.com/platform/external/libavc/+/33ef7de9ddc8ea7eb9cbc440d1cf89957a0c267b https://source.android.com/security/bulletin/2017-04-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •