CVE-2017-0390

Name of the Vulnerable Software and Affected Versions Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1

Description A denial of service issue in the Mediaserver component, specifically in Tremolo/dpen.s, could allow a remote attacker to cause a device hang or reboot using a specially crafted file. This issue is related to insufficient access control in the Mediaserver function, potentially allowing a remote attacker to compromise information confidentiality.

Recommendations For Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1, consider restricting access to the Mediaserver component, specifically the Tremolo/dpen.s function, until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.