Candidate: CVE-2017-0590
PublicDate: 2017-05-12 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0590
 https://source.android.com/security/bulletin/2017-05-01
Description:
 A remote code execution vulnerability in libhevc in Mediaserver could
 enable an attacker using a specially crafted file to cause memory
 corruption during media file and data processing. This issue is rated as
 Critical due to the possibility of remote code execution within the context
 of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0,
 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35039946.
Ubuntu-Description:
Notes:
Bugs:
Priority: high
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_android:
 upstream: https://android.googlesource.com/platform/external/libhevc/+/45c97f878bee15cd97262fe7f57ecea71990fed7
upstream_android: needs-triage
precise/esm_android: DNE
trusty_android: ignored (abandoned)
trusty/esm_android: DNE (trusty was ignored [abandoned])
vivid/stable-phone-overlay_android: ignored (reached end-of-life)
vivid/ubuntu-core_android: DNE
xenial_android: ignored (abandoned)
yakkety_android: ignored (reached end-of-life)
zesty_android: ignored (reached end-of-life)
artful_android: DNE
bionic_android: DNE
devel_android: DNE