CVE-2017-0663
Summary
| CVE | CVE-2017-0663 |
|---|---|
| State | PUBLISHED |
| Assigner | google_android |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-06-14 13:29:00 UTC |
| Updated | 2025-04-20 01:37:25 UTC |
| Description | A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170. |
Risk And Classification
Primary CVSS: v3.0 7.8 HIGH from [email protected]
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Problem Types: CWE-787 | Remote code execution
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 2.0 | [email protected] | Primary | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
CVSS v3.0 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
NoneUser Interaction
RequiredScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:M/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Android | 4.4.4 | All | All | All | |
| Operating System | Android | 5.0.2 | All | All | All | |
| Operating System | Android | 5.1.1 | All | All | All | |
| Operating System | Android | 6.0 | All | All | All | |
| Operating System | Android | 6.0.1 | All | All | All | |
| Operating System | Android | 7.0 | All | All | All | |
| Operating System | Android | 7.1.1 | All | All | All | |
| Operating System | Android | 7.1.2 | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Google Inc. | Android | affected Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e69... | af854a3a-2127-422b-91ae-364da2661108 | lists.apache.org | |
| libxml2: Multiple vulnerabilities (GLSA 201711-01) — Gentoo security | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | |
| Android Security Bulletin—June 2017 | Android Open Source Project | af854a3a-2127-422b-91ae-364da2661108 | source.android.com | Vendor Advisory |
| Google Android Multiple Flaws Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Execute Arbitrary Code and Let Local Apps Gain Elevated Privileges - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450... | af854a3a-2127-422b-91ae-364da2661108 | lists.apache.org | |
| Debian -- Security Information -- DSA-3952-1 libxml2 | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| Google Android Libraries Multiple Remote Code Execution Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Pony Mail! | MITRE | lists.apache.org | |
| Pony Mail! | MITRE | lists.apache.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.