Candidate: CVE-2017-0592
PublicDate: 2017-05-12 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0592
 https://source.android.com/security/bulletin/2017-05-01
Description:
 A remote code execution vulnerability in FLACExtractor.cpp in
 libstagefright in Mediaserver could enable an attacker using a specially
 crafted file to cause memory corruption during media file and data
 processing. This issue is rated as Critical due to the possibility of
 remote code execution within the context of the Mediaserver process.
 Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1,
 7.1.2. Android ID: A-34970788.
Ubuntu-Description:
Notes:
Bugs:
Priority: high
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_android:
 upstream: https://android.googlesource.com/platform/frameworks/av/+/acc192347665943ca674acf117e4f74a88436922
upstream_android: needs-triage
precise/esm_android: DNE
trusty_android: ignored (abandoned)
trusty/esm_android: DNE (trusty was ignored [abandoned])
vivid/stable-phone-overlay_android: ignored (reached end-of-life)
vivid/ubuntu-core_android: DNE
xenial_android: ignored (abandoned)
yakkety_android: ignored (reached end-of-life)
zesty_android: ignored (reached end-of-life)
artful_android: DNE
bionic_android: DNE
devel_android: DNE