VYPR
← All advisories
Medium severity5.5NVD Advisory· Published Mar 8, 2017· Updated May 13, 2026

CVE-2017-0486

CVE-2017-0486

Description

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33621215.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A denial of service vulnerability in Android Mediaserver allows a specially crafted file to cause device hang or reboot.

Vulnerability

A denial of service vulnerability exists in the Mediaserver component of Android. The bug can be triggered by a specially crafted file. Affected versions include Android 6.0, 6.0.1, 7.0, and 7.1.1 [1]. The issue is identified by Android ID A-33621215 [1].

Exploitation

An attacker can exploit this vulnerability by providing a malicious file to the affected device, such as through a crafted media file delivered via a messaging app or web download. No authentication or user interaction beyond accessing the file is required. The precise mechanism involves processing the malformed input within Mediaserver, leading to an unhandled condition [1].

Impact

Successful exploitation results in a denial of service, causing the device to hang or reboot. The vulnerability is rated as High severity by Google due to the possibility of remote denial of service [1]. No code execution or data compromise is indicated.

Mitigation

Google released a fix in the March 2017 Android Security Bulletin. The fix is available as part of the 2017-03-01 security patch level [1]. Users should ensure their devices receive this update; no workaround is documented for unpatched devices.

References
  1. Android Security Bulletin—March 2017

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

7
  • Google/Android6 versions
    cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
    • (no CPE)range: Android-6.0
  • Google/mediaserverllm-fuzzy
    Range: 6.0, 6.0.1, 7.0, 7.1.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.