CVE-2017-0595
Description
An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34705519.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Local app can exploit libstagefright in Mediaserver to gain elevated privileges and execute arbitrary code in a privileged process.
Vulnerability
An elevation of privilege vulnerability exists in libstagefright within Mediaserver on Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The flaw allows a malicious application to trigger memory corruption or other issues that lead to code execution in the context of a privileged process.
Exploitation
A local attacker must install a malicious application on the device. No additional permissions are required beyond those normally granted to third-party apps. The application then exploits the vulnerability in libstagefright to execute arbitrary code within the Mediaserver process.
Impact
Successful exploitation results in arbitrary code execution with the privileges of the Mediaserver process, which runs at a higher privilege level. This enables the attacker to gain elevated capabilities normally not accessible to third-party applications, such as accessing sensitive data or performing privileged operations.
Mitigation
Google addressed this vulnerability in the May 2017 Android Security Bulletin [1]. Users should apply the security patch level 2017-05-01 or later to their devices. No workarounds are available; updating is the recommended mitigation.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
- (no CPE) Range: 4.4.4
- Range: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1
Patches
No patches discovered yet.
References
- android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1 (nvd; Issue Tracking, Patch, Third Party Advisory)
- source.android.com/security/bulletin/2017-05-01 (nvd; Patch, Vendor Advisory)
- www.securityfocus.com/bid/98129 (nvd; Third Party Advisory, VDB Entry)