{"containers": {"cna": {"affected": [{"product": "Android", "vendor": "Google Inc.", "versions": [{"status": "affected", "version": "Android-7.0"}, {"status": "affected", "version": "Android-7.1.1"}]}], "datePublic": "2017-02-06T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359."}], "problemTypes": [{"descriptions": [{"description": "Remote code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-24T12:57:01.000Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android"}, "references": [{"name": "1037798", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037798"}, {"name": "96048", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96048"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://source.android.com/security/bulletin/2017-02-01.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@android.com", "ID": "CVE-2017-0405", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Android", "version": {"version_data": [{"version_value": "Android-7.0"}, {"version_value": "Android-7.1.1"}]}}]}, "vendor_name": "Google Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote code execution"}]}]}, "references": {"reference_data": [{"name": "1037798", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037798"}, {"name": "96048", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96048"}, {"name": "https://source.android.com/security/bulletin/2017-02-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2017-02-01.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T13:03:57.146Z"}, "title": "CVE Program Container", "references": [{"name": "1037798", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037798"}, {"name": "96048", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96048"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://source.android.com/security/bulletin/2017-02-01.html"}]}]}, "cveMetadata": {"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-0405", "datePublished": "2017-02-08T15:00:00.000Z", "dateReserved": "2016-11-29T00:00:00.000Z", "dateUpdated": "2024-08-05T13:03:57.146Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC30B2A2-9674-4052-B402-20348E50F9E8", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359."}, {"lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el Surfaceflinger podr\u00eda habilitar un ataque usando un archivo especialmente manipulado a provocar corrupci\u00f3n de memoria durante el procesamiento de archivos multimedia y datos. Este problema se califica como Critical debido a la posibilidad de ejecutar c\u00f3digo remoto en el contexto de procesos de Surfaceflinger. Producto: Android. Versiones: 7.0, 7.1.1. Android ID: A-31960359."}], "id": "CVE-2017-0405", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-08T15:59:00.597", "references": [{"source": "security@android.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96048"}, {"source": "security@android.com", "url": "http://www.securitytracker.com/id/1037798"}, {"source": "security@android.com", "tags": ["Vendor Advisory"], "url": "https://source.android.com/security/bulletin/2017-02-01.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96048"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037798"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://source.android.com/security/bulletin/2017-02-01.html"}], "sourceIdentifier": "security@android.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}