CVE-2017-0499Improper Input Validation in INC Android

CWE-20Improper Input Validation23 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 74.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Flac Project FlacGoogle INC AndroidGoogle Android
Timeline
PublishedMar 8
Latest updateNov 21

Description

A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial of service. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32095713.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDgoogle/android11 versions+10
CVEListV5google_inc/android5 versions+4
Ubuntuflac_project/flac< 1.3.2-1ubuntu0.1+4

🔴Vulnerability Details

2
OSV
flac vulnerabilities2022-11-21
GHSA
GHSA-87g7-2h8c-64r2: A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot2022-05-17

📋Vendor Advisories

1
Android
CVE-2017-0499: Android Security Bulletin 2017-03-01 CVE: CVE-2017-0499 Severity: LOW Affected AOSP versions: 52017-03-01

💬Community

19
Bugzilla
CVE-2017-14450 SDL2_image: buffer overflow in the GIF image parsing2018-03-06
Bugzilla
CVE-2017-5039 chromium-browser: use after free in pdfium2017-03-10
Bugzilla
CVE-2017-5038 chromium-browser: use after free in guestview2017-03-10
Bugzilla
CVE-2017-5040 chromium-browser: information disclosure in v82017-03-10
Bugzilla
CVE-2017-5032 chromium-browser: out of bounds write in pdfium2017-03-10