CVSS: 9.3EPSS: 0%CPEs: 11EXPL: 0CVE-2017-0545
https://notcve.org/view.php?id=CVE-2017-0545
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32591350. • http://www.securityfocus.com/bid/97346 http://www.securitytracker.com/id/1038201 https://source.android.com/security/bulletin/2017-04-01 • CWE-682: Incorrect Calculation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0556
https://notcve.org/view.php?id=CVE-2017-0556
An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093952. • http://www.securityfocus.com/bid/97332 http://www.securitytracker.com/id/1038201 https://android.googlesource.com/platform/external/libmpeg2/+/f301cff2c1ddd880d9a2c77b22602a137519867b https://source.android.com/security/bulletin/2017-04-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0552
https://notcve.org/view.php?id=CVE-2017-0552
A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097915. • http://www.securityfocus.com/bid/97336 http://www.securitytracker.com/id/1038201 https://android.googlesource.com/platform/external/libavc/+/9a00f562a612d56e7b2b989d168647db900ba6cf https://source.android.com/security/bulletin/2017-04-01 •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0566
https://notcve.org/view.php?id=CVE-2017-0566
An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28470975. • http://www.securityfocus.com/bid/97351 http://www.securitytracker.com/id/1038201 https://source.android.com/security/bulletin/2017-04-01 •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0542
https://notcve.org/view.php?id=CVE-2017-0542
A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721. • http://www.securityfocus.com/bid/97330 http://www.securitytracker.com/id/1038201 https://android.googlesource.com/platform/external/libavc/+/33ef7de9ddc8ea7eb9cbc440d1cf89957a0c267b https://source.android.com/security/bulletin/2017-04-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •