← Back

CVE-2017-0836

nvd nist
Published: Nov 16, 2017Modified: May 13, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64893226.

Affected (8)

Products: Google: Android
Google
1 product
Android
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Google
Android
Version 5.0.2
Android
Version 5.1.1
Android
Version 6.0.1
Android
Version 6.0
Android
Version 7.0
Android
Version 7.1.1
Android
Version 7.1.2
Android
Version 8.0

Related CWEs

CWE-129
Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (4)

Source: security@android.com
Third Party AdvisoryVDB Entry
Source: security@android.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.