CVE-2017-0392 - Denial of Service vulnerability in Google Android Mediaserver

CVSS 7.1 - HIGH
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: COMPLETE

Summary

A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32577290.

Seebug

bulletinFamily: exploit
description: VBRISeeker::CreateFromSource() may cause an uncaught C++ exception due to trying to allocate a buffer where the size is attacker controllable.
Fix: https://android.googlesource.com/platform/frameworks/av/+/453b351ac5bd2b6619925dc966da60adf6b3126c
PoC: https://github.com/derrekr/android_security/blob/master/CVE-2017-0392/vbri_test.mp3
id: SSV:92874
last seen: 2017-11-19
modified: 2017-04-04
published: 2017-04-04
reporter: Root
title: Google Android Mediaserver Multiple Denial of Service Vulnerabilities (CVE-2017-0392)