CVE-2017-0733

A denial of service vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38391487.

Weakness

The product does not release or incorrectly releases a resource before it is made available for re-use.

Affected Software

Name	Vendor	Start Version	End Version
Android	Google	5.0 (including)	5.0 (including)
Android	Google	5.0.1 (including)	5.0.1 (including)
Android	Google	5.0.2 (including)	5.0.2 (including)
Android	Google	5.1 (including)	5.1 (including)
Android	Google	5.1.0 (including)	5.1.0 (including)
Android	Google	5.1.1 (including)	5.1.1 (including)
Android	Google	6.0 (including)	6.0 (including)
Android	Google	6.0.1 (including)	6.0.1 (including)
Android	Google	7.0 (including)	7.0 (including)
Android	Google	7.1.0 (including)	7.1.0 (including)
Android	Google	7.1.1 (including)	7.1.1 (including)
Android	Google	7.1.2 (including)	7.1.2 (including)

Potential Mitigations

Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.

NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-0733
CWE	https://cwe.mitre.org/data/definitions/404.html

Improper Resource Shutdown or Release

Weakness

Affected Software

Potential Mitigations

References

CVE-2017-0733

Improper Resource Shutdown or Release

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References