Candidate: CVE-2017-0637
PublicDate: 2017-06-14 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0637
 https://source.android.com/security/bulletin/2017-06-01
Description:
 A remote code execution vulnerability in libhevc in Mediaserver could
 enable an attacker using a specially crafted file to cause memory
 corruption during media file and data processing. This issue is rated as
 Critical due to the possibility of remote code execution within the context
 of the Mediaserver process.Product: Android. Versions: 5.0.2, 5.1.1, 6.0,
 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34064500.
Ubuntu-Description:
Notes:
Bugs:
Priority: high
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_android:
 upstream: https://android.googlesource.com/platform/external/libhevc/+/ebaa71da6362c497310377df509651974401d258
upstream_android: needs-triage
precise/esm_android: DNE
trusty_android: ignored (abandoned)
trusty/esm_android: DNE (trusty was ignored [abandoned])
vivid/stable-phone-overlay_android: ignored (reached end-of-life)
vivid/ubuntu-core_android: DNE
xenial_android: ignored (abandoned)
yakkety_android: ignored (reached end-of-life)
zesty_android: ignored (reached end-of-life)
artful_android: DNE
bionic_android: DNE
devel_android: DNE