PT-2017-13749 · Mozilla+1 · Firefox Os+2

Published

2017-12-05

Updated

2019-10-03

CVE-2017-14904

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Android for MSM (affected versions not specified) Firefox OS for MSM (affected versions not specified) QRD Android (affected versions not specified)

Description A crafted binder request can cause an arbitrary unmap in MediaServer, potentially leading to issues in the MediaServer component.

Recommendations For Android for MSM, consider restricting access to the MediaServer component until a fix is available. For Firefox OS for MSM, avoid using the vulnerable MediaServer functionality until the issue is resolved. For QRD Android, as a temporary workaround, consider disabling the MediaServer component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

CVE-2017-14904

Affected Products

Android

Firefox Os

Mediaserver

PT-2017-13749 · Mozilla+1 · Firefox Os+2

CVE-2017-14904

Weakness Enumeration

Related Identifiers

Affected Products

References · 5