CVE Vulnerabilities

CVE-2017-0769

Improper Resource Shutdown or Release

Published: Sep 08, 2017 | Modified: Oct 03, 2019
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37662122.

Weakness

The product does not release or incorrectly releases a resource before it is made available for re-use.

Affected Software

Name Vendor Start Version End Version
Android Google 7.1.0 7.1.0
Android Google 7.1.2 7.1.2
Android Google 7.0 7.0
Android Google 8.0 8.0
Android Google 7.1.1 7.1.1

Potential Mitigations

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.

References