High severity 7.8 · NVD Advisory · Published Mar 8, 2017 · Updated May 13, 2026

CVE-2017-0471

Description

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33816782.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Remote code execution in Android Mediaserver via a specially crafted file that causes memory corruption (CVE-2017-0471); affects multiple Android versions.

Vulnerability

CVE-2017-0471 is a remote code execution (RCE) vulnerability in Android's Mediaserver component, resulting from memory corruption during media file and data processing. An attacker can exploit this by crafting a malicious file that, when processed by Mediaserver, triggers the corruption. The flaw exists in Android versions 6.0, 6.0.1, 7.0, and 7.1.1 as identified in the March 2017 Android Security Bulletin [1][2].

Exploitation

The attacker requires no special privileges beyond the ability to deliver a specially crafted media file to the target device (e.g., via email, web download, or MMS). No user interaction is needed beyond normal media processing by Mediaserver, which may occur automatically. The exploit achieves memory corruption, leading to code execution within the Mediaserver process [1][2].

Impact

Successful exploitation permits arbitrary code execution in the context of the Mediaserver process, enabling an attacker to potentially read/write sensitive data, install malicious code, or gain further access to the device. The severity is rated as Critical due to the potential for remote code execution without user interaction [1][2].

Mitigation

Google released a security patch for this issue in the March 2017 Android Security Bulletin. The fix was included in the 2017-03-01 security patch level. Users should ensure their devices have received this update. No workaround is available beyond applying the official patch [1][2].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8
  • Google/Android (6 versions)
    • cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
    • (no CPE) range: Android-6.0
  • Range: 6.0, 6.0.1, 7.0, 7.1.1
  • Range: 6.0, 6.0.1, 7.0, 7.1.1

Patches

0

No patches discovered yet.

References

4
