CVE-2017-0382INC Android vulnerability

3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.3%
top 49.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google INC AndroidGoogle Android
Timeline
PublishedJan 12
Latest updateMay 13

Description

A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDgoogle/android10 versions+9
CVEListV5google_inc/android6 versions+5

🔴Vulnerability Details

1
GHSA
GHSA-j7m9-86x4-qq5g: A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code i2022-05-13

📋Vendor Advisories

1
Android
CVE-2017-0382: Android Security Bulletin 2017-01-01 CVE: CVE-2017-0382 Severity: HIGH Affected AOSP versions: 52017-01-01