CVE-2017-0588
Status: Analyzed
Last modified:
19-05-2017
Published:
12-05-2017
7.8
SUMMARY CVE-2017-0588
A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34618607.
Access CVSS3 CVE-2017-0588
Attack Complexity | Attack Vector | Privileges Required | Scope | User Interaction |
---|---|---|---|---|
LOW | LOCAL | NONE | UNCHANGED | REQUIRED |
Impact CVSS3 CVE-2017-0588
Confidentiality | Integrity | Availability |
---|---|---|
HIGH | HIGH | HIGH |
Details CVE-2017-0588
EPSS | 0.00279 |
---|---|
EPSS % | 0.68788 |
References | |
CWE | CWE-119 |
CAPEC |
|
Vulnerable Configurations |
|
CVSS3 Source | nvd@nist.gov |
CVSS3 Type | Primary |
CVSS3 Vector | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |