CVE-2017-0539
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33864300.
Vulnerabilidad de ejecución remota de código en libhevc en Mediaserver podría permitir a un atacante usar un archivo especialmente manipulado provocar daños en la memoria durante el procesamiento de archivos multimedia y datos. Este problema se considera crítico debido a la posibilidad de ejecución remota de código dentro del contexto del proceso Mediaserver. Producto: Android. Versiones: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. ID de Android: A-33864300.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-11-29 CVE Reserved
- 2017-04-07 CVE Published
- 2023-08-23 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/97330 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038201 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://android.googlesource.com/platform/external/libhevc/+/1ab5ce7e42feccd49e49752e6f58f9097ac5d254 | 2017-07-11 |
| URL | Date | SRC |
|---|---|---|
| https://source.android.com/security/bulletin/2017-04-01 | 2017-07-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 5.0 Search vendor "Google" for product "Android" and version "5.0" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 5.0.1 Search vendor "Google" for product "Android" and version "5.0.1" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 5.0.2 Search vendor "Google" for product "Android" and version "5.0.2" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 5.1 Search vendor "Google" for product "Android" and version "5.1" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 5.1.0 Search vendor "Google" for product "Android" and version "5.1.0" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 5.1.1 Search vendor "Google" for product "Android" and version "5.1.1" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 6.0 Search vendor "Google" for product "Android" and version "6.0" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 6.0.1 Search vendor "Google" for product "Android" and version "6.0.1" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 7.0 Search vendor "Google" for product "Android" and version "7.0" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 7.1.0 Search vendor "Google" for product "Android" and version "7.1.0" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 7.1.1 Search vendor "Google" for product "Android" and version "7.1.1" | - |
Affected
| ||||||