CVE-2017-0594

Name of the Vulnerable Software and Affected Versions Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2

Description An elevation of privilege issue in the codecs/aacenc/SoftAACEncoder2.cpp function of the libstagefright service in the Mediaserver application could allow a local malicious application to execute arbitrary code within the context of a privileged process. This issue could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application.

Recommendations For versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, consider disabling the SoftAACEncoder2.cpp function as a temporary workaround until a patch is available. Restrict access to the libstagefright service to minimize the risk of exploitation. Avoid using the Mediaserver application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.