VYPR
← All advisories
High severity7.8NVD Advisory· Published Sep 8, 2017· Updated May 13, 2026

CVE-2017-0757

CVE-2017-0757

Description

A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36006815.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A remote code execution vulnerability in Android's libavc media library allows arbitrary code execution via a crafted file.

Vulnerability

A remote code execution vulnerability exists in the libavc library of Android's media framework. The bug can be triggered when processing specially crafted media files. Affected versions: Android 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2 [1].

Exploitation

An attacker can exploit this vulnerability by delivering a malicious media file to a user and convincing them to open it. No authentication is required, but user interaction is necessary. The crafted file triggers the vulnerability in libavc, leading to memory corruption that allows arbitrary code execution.

Impact

Successful exploitation results in arbitrary code execution within the context of the media server process. This could allow an attacker to gain elevated privileges or access sensitive data depending on the application processing the file.

Mitigation

The vulnerability was fixed in the Android September 2017 security patch level. Users are advised to update their devices to a build that includes this patch. There is no known workaround for affected versions without the update [1].

References
  1. Android Security Bulletin—September 2017

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

7
  • Google/Android7 versions
    cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
    • (no CPE)range: 6.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.