Candidate: CVE-2017-0589
PublicDate: 2017-05-12 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0589
 https://source.android.com/security/bulletin/2017-05-01
Description:
 A remote code execution vulnerability in libhevc in Mediaserver could
 enable an attacker using a specially crafted file to cause memory
 corruption during media file and data processing. This issue is rated as
 Critical due to the possibility of remote code execution within the context
 of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0,
 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34897036.
Ubuntu-Description:
Notes:
Bugs:
Priority: high
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_android:
 upstream: https://android.googlesource.com/platform/external/libhevc/+/bcfc7124f6ef9f1ec128fb2e90de774a5b33d199
upstream_android: needs-triage
precise/esm_android: DNE
trusty_android: ignored (abandoned)
trusty/esm_android: DNE (trusty was ignored [abandoned])
vivid/stable-phone-overlay_android: ignored (reached end-of-life)
vivid/ubuntu-core_android: DNE
xenial_android: ignored (abandoned)
yakkety_android: ignored (reached end-of-life)
zesty_android: ignored (reached end-of-life)
artful_android: DNE
bionic_android: DNE
devel_android: DNE