Vulnerabilities > CVE-2017-0392 - Unspecified vulnerability in Google Android

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

google

NVD

Published: 2017-01-12

Updated: 2019-10-03

Summary

A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32577290.

Vulnerable Configurations

Part	Description	Count
OS	Google Google Android 7.1.0 Google Android 5.1.0 Google Android 4.2 Google Android 4.1 Google Android 5.0.2 Google Android 6.0.1 Google Android 6.0 Google Android 4.0.2 Google Android 4.4.3 Google Android 4.0.4 Google Android 4.3 Google Android 4.0.1 Google Android 4.4.4 Google Android 7.0 Google Android 4.2.1 Google Android 5.0.1 Google Android 5.0 Google Android 4.0.3 Google Android 4.0 Google Android 4.4 Google Android 4.4.1 Google Android 5.1.1 Google Android 4.2.2 Google Android 4.3.1 Google Android 4.4.2 Google Android 5.1 Google Android 4.1.2	27

Seebug

bulletinFamily	exploit
description	VBRISeeker::CreateFromSource() may cause an uncaught c++ exception due to trying to allocate a buffer where the size is attacker controllable. Fix: https://android.googlesource.com/platform/frameworks/av/+/453b351ac5bd2b6619925dc966da60adf6b3126c PoC: https://github.com/derrekr/android_security/blob/master/CVE-2017-0392/vbri_test.mp3
id	SSV:92874
last seen	2017-11-19
modified	2017-04-04
published	2017-04-04
reporter	Root
title	Google Android Mediaserver Multiple Denial of Service Vulnerabilities（CVE-2017-0392）

Summary

Vulnerable Configurations

Seebug

References