VYPR
← All advisories
Medium severity5.5NVD Advisory· Published Mar 8, 2017· Updated May 13, 2026

CVE-2017-0485

CVE-2017-0485

Description

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33387820.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A denial of service vulnerability in Android Mediaserver allows remote attackers to cause device hang or reboot via a specially crafted file.

Vulnerability

A denial of service vulnerability exists in the Mediaserver component of Android. The bug is triggered when processing a specially crafted file, leading to a device hang or reboot. Affected versions include Android 6.0, 6.0.1, 7.0, and 7.1.1. The issue is identified as Android ID A-33387820 and is rated High severity due to the potential for remote denial of service [1].

Exploitation

An attacker can exploit this vulnerability by delivering a specially crafted file to the target device, for example via a web page, email attachment, or other means. User interaction is required to open the file, which then triggers the flaw in Mediaserver. No authentication or special privileges are needed, and the attack can be launched remotely [1].

Impact

Successful exploitation causes the device to hang or reboot, resulting in a denial of service. The impact is limited to availability; there is no evidence of data compromise or privilege escalation. The device becomes temporarily unusable until the reboot completes [1].

Mitigation

The vulnerability is fixed in the Android security update released on March 1, 2017. Users should apply the update from their device manufacturer or carrier. For devices that cannot be updated, avoiding the opening of untrusted media files may reduce risk. No workaround is provided by the vendor [1].

References
  1. Android Security Bulletin—March 2017

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8
  • Google/Android6 versions
    cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
    • (no CPE)range: Android-6.0
  • Android/Android Sdkllm-fuzzy
    Range: 6.0, 6.0.1, 7.0, 7.1.1
  • Google/mediaserverllm-fuzzy
    Range: 6.0, 6.0.1, 7.0, 7.1.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.