CVE-2017-0588Improper Restriction of Operations within the Bounds of a Memory Buffer in INC Android

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.3%
top 51.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google INC AndroidGoogle Android
Timeline
PublishedMay 12
Latest updateMay 17

Description

A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34618607.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDgoogle/android29 versions+28
CVEListV5google_inc/android8 versions+7

Patches

Patch: android.googlesource.comPatch: source.android.comPatch: android.googlesource.com

🔴Vulnerability Details

2
GHSA
GHSA-4wfc-8fcx-7xm7: A remote code execution vulnerability in id3/ID32022-05-17
OSV
CVE-2017-0588: A remote code execution vulnerability in id3/ID32017-05-12

📋Vendor Advisories

1
Android
CVE-2017-0588: Android Security Bulletin 2017-05-01 CVE: CVE-2017-0588 Severity: CRITICAL Affected AOSP versions: 42017-05-01