CVE-2017-0761
Description
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38448381.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A remote code execution vulnerability in libavc of the Android media framework affects versions 6.0 through 8.0, allowing arbitrary code execution.
Vulnerability
A remote code execution vulnerability exists in the libavc component of the Android media framework. The issue affects Android versions 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0 (Android ID A-38448381) [1]. The bug resides in how the library handles crafted media content, allowing memory corruption when processing specially crafted files.
Exploitation
An attacker can exploit this vulnerability by enticing a user to process a malicious media file (e.g., via a web page or application). No special authentication or network position is required beyond delivering the crafted file to the device. The exploit does not require user interaction beyond the normal action of opening the media file [1].
Impact
Successful exploitation of this vulnerability allows an attacker to execute arbitrary code within the context of the media server process. This can lead to full compromise of the affected device's media capabilities and potentially escalate to further system-level access, depending on the privileges of the media server [1].
Mitigation
The vulnerability is fixed in the Android Security Bulletin for September 2017 [1]. Users should update their devices to the latest security patch level provided by their manufacturer. No workaround is available beyond applying the official patch. Devices running a supported version of Android that receive security updates are protected once the update is applied.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
8cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
- (no CPE)range: 6.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- source.android.com/security/bulletin/2017-09-01nvdPatchVendor Advisory
- www.securityfocus.com/bid/100649nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.