CVE-2017-0393

EUVD-2017-0747
A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-30436808.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
googleandroid
4.0
googleandroid
4.0.1
googleandroid
4.0.2
googleandroid
4.0.3
googleandroid
4.0.4
googleandroid
4.1
googleandroid
4.1.2
googleandroid
4.2
googleandroid
4.2.1
googleandroid
4.2.2
googleandroid
4.3
googleandroid
4.3.1
googleandroid
4.4
googleandroid
4.4.1
googleandroid
4.4.2
googleandroid
4.4.3
googleandroid
4.4.4
googleandroid
5.0
googleandroid
5.0.1
googleandroid
5.0.2
googleandroid
5.1
googleandroid
5.1.0
googleandroid
5.1.1
googleandroid
6.0
googleandroid
6.0.1
googleandroid
7.0
googleandroid
7.1.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libvpx
bookworm
1.12.0-1+deb12u3
fixed
bookworm (security)
1.12.0-1+deb12u3
fixed
bullseye
1.9.0-1+deb11u3
fixed
bullseye (security)
1.9.0-1+deb11u3
fixed
jessie
ignored
sid
1.14.1-1
fixed
trixie
1.14.1-1
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
android
artful
dne
bionic
dne
precise
dne
trusty
dne
xenial
ignored
yakkety
ignored
zesty
ignored
References
http://www.securityfocus.com/bid/95230
https://android.googlesource.com/platform/external/libvpx/+/6886e8e0a9db2dbad723dc37a548233e004b33bc
https://source.android.com/security/bulletin/2017-01-01.html
http://www.securityfocus.com/bid/95230
https://android.googlesource.com/platform/external/libvpx/+/6886e8e0a9db2dbad723dc37a548233e004b33bc
https://source.android.com/security/bulletin/2017-01-01.html