CVE-2017-0587

A remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35219737.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
google_androidCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
googleandroid
6.0
googleandroid
6.0.1
googleandroid
7.0
googleandroid
7.1.0
googleandroid
7.1.1
googleandroid
7.1.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
android
disco
dne
cosmic
dne
bionic
dne
artful
dne
zesty
ignored
yakkety
ignored
xenial
ignored
trusty
dne
mpeg2dec
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
ignored
zesty
ignored
yakkety
ignored
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/98119
https://android.googlesource.com/platform/external/libmpeg2/+/a86eb798d077b9b25c8f8c77e3c02c2f287c1ce7
https://source.android.com/security/bulletin/2017-05-01
http://www.securityfocus.com/bid/98119
https://android.googlesource.com/platform/external/libmpeg2/+/a86eb798d077b9b25c8f8c77e3c02c2f287c1ce7
https://source.android.com/security/bulletin/2017-05-01