CVE-2017-0543

A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097866.

CVSS v3 7.8 HIGH
CVSS v2.0 9.3 HIGH

7.8^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/97330	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038201
https://android.googlesource.com/platform/external/libavc/+/f634481e940421020e52f511c1fb34aac1db4b2f	Issue Tracking Patch Third Party Advisory
https://source.android.com/security/bulletin/2017-04-01	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:google:android:6.0:::::::*
	cpe:2.3:o:google:android:6.0.1:::::::*
	cpe:2.3:o:google:android:7.0:::::::*
	cpe:2.3:o:google:android:7.1.0:::::::*
	cpe:2.3:o:google:android:7.1.1:::::::*

History

No history.

Information

Published : 2017-04-07 22:59

Updated : 2023-12-10 12:01

NVD link : CVE-2017-0543

Mitre link : CVE-2017-0543

CVE.ORG link : CVE-2017-0543

JSON object : View

Products Affected

google

android

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2017-0543", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2017-04-07T22:59:00.403", "references": [{"url": "http://www.securityfocus.com/bid/97330", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@android.com"}, {"url": "http://www.securitytracker.com/id/1038201", "source": "security@android.com"}, {"url": "https://android.googlesource.com/platform/external/libavc/+/f634481e940421020e52f511c1fb34aac1db4b2f", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "security@android.com"}, {"url": "https://source.android.com/security/bulletin/2017-04-01", "tags": ["Vendor Advisory"], "source": "security@android.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097866."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en libavc en Mediaserver podr\u00eda permitir a un atacante usando un archivo especialmente manipulado provocar da\u00f1os en la memoria durante el procesamiento de archivos multimedia y datos. Este problema se considera cr\u00edtico debido a la posibilidad de ejecuci\u00f3n remota de c\u00f3digo dentro del contexto del proceso Mediaserver. Producto: Android. Versiones: 6.0, 6.0.1, 7.0, 7.1.1. ID de Android: A-34097866."}], "lastModified": "2017-07-11T01:33:27.063", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295"}, {"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807"}, {"criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"}, {"criteria": "cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC30B2A2-9674-4052-B402-20348E50F9E8"}, {"criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C"}], "operator": "OR"}]}], "sourceIdentifier": "security@android.com"}