PT-2017-1069 · Google · Android
Derrek · Published 2017-01-12 · Updated 2019-10-03 · CVE-2017-0392
CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1
Description
The issue is related to insufficient access control in VBRISeeker.cpp, a source file of libstagefright in the Android media server. A remote attacker could exploit the issue and potentially compromise information confidentiality. Additionally, a remote attacker could use a specially crafted file to cause a device hang or reboot, resulting in a denial of service.
Recommendations
For Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1, consider restricting access to the code in VBRISeeker.cpp in the libstagefright media server as a temporary workaround to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Android