CVE-2017-0539

Name of the Vulnerable Software and Affected Versions Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1

Description A remote code execution issue in the libhevc component of Mediaserver could allow an attacker to cause memory corruption during media file and data processing using a specially crafted file. This could enable remote code execution within the context of the Mediaserver process. The issue is related to a buffer overflow in memory.

Recommendations For versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, update to a version that includes the fix for the libhevc component in Mediaserver. At the moment, there is no information about a newer version that contains a fix for this vulnerability.