Lucene search

Ubuntu.comUB:CVE-2017-0592

HistoryMay 12, 2017 - 12:00 a.m.

CVE-2017-0592

2017-05-1200:00:00

ubuntu.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

68.5%

JSON

A remote code execution vulnerability in FLACExtractor.cpp in
libstagefright in Mediaserver could enable an attacker using a specially
crafted file to cause memory corruption during media file and data
processing. This issue is rated as Critical due to the possibility of
remote code execution within the context of the Mediaserver process.
Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1,
7.1.2. Android ID: A-34970788.

References

launchpad.net/bugs/cve/CVE-2017-0592

nvd.nist.gov/vuln/detail/CVE-2017-0592

security-tracker.debian.org/tracker/CVE-2017-0592

source.android.com/security/bulletin/2017-05-01

www.cve.org/CVERecord?id=CVE-2017-0592

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

68.5%

JSON

Related for UB:CVE-2017-0592