CVE-2017-18074

Name of the Vulnerable Software and Affected Versions: Android versions prior to security patch level 2018-04-05

Description: The issue is caused by insufficient input validation in the Qualcomm Audio component of the Android operating system when playing WMA files. This can lead to a reachable assert when a .wma file with a modified media header and a non-standard bytes per second parameter value is played. Exploitation of this issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information using a specially crafted WMA file with a modified header.

Recommendations: For Android versions prior to security patch level 2018-04-05, update to a version with a security patch level of 2018-04-05 or later to resolve the issue. As a temporary workaround, consider avoiding the use of .wma files with modified media headers to minimize the risk of exploitation. Restrict access to untrusted .wma files to prevent potential attacks.