{"api_version":"1","generated_at":"2026-05-31T08:36:43+00:00","cve":"CVE-2017-0382","urls":{"html":"https://cve.report/CVE-2017-0382","api":"https://cve.report/api/cve/CVE-2017-0382.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-0382","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-0382"},"summary":{"title":"CVE-2017-0382","description":"A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390.","state":"PUBLISHED","assigner":"google_android","published_at":"2017-01-12 20:59:02","updated_at":"2026-05-06 22:30:45"},"problem_types":["NVD-CWE-noinfo","Remote code execution"],"metrics":[{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"HIGH","vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.8","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://source.android.com/security/bulletin/2017-01-01.html","name":"https://source.android.com/security/bulletin/2017-01-01.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Android Security Bulletin—January 2017 | Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/95247","name":"http://www.securityfocus.com/bid/95247","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Google Android Framesequence Library CVE-2017-0382 Remote Code Execution Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-0382","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0382","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Google Inc.","product":"Android","version":"affected Android-5.0.2","platforms":[]},{"source":"CNA","vendor":"Google Inc.","product":"Android","version":"affected Android-5.1.1","platforms":[]},{"source":"CNA","vendor":"Google Inc.","product":"Android","version":"affected Android-6.0","platforms":[]},{"source":"CNA","vendor":"Google Inc.","product":"Android","version":"affected Android-6.0.1","platforms":[]},{"source":"CNA","vendor":"Google Inc.","product":"Android","version":"affected Android-7.0","platforms":[]},{"source":"CNA","vendor":"Google Inc.","product":"Android","version":"affected Android-7.1","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"382","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"382","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"5.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"382","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"5.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"382","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"5.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"382","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"5.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"382","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"5.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"382","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"382","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"6.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"382","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"382","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"7.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2017","cve_id":"382","cve":"CVE-2017-0382","epss":"0.002750000","percentile":"0.508690000","score_date":"2026-05-11","updated_at":"2026-05-12 00:01:18"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-05T13:03:57.051Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://source.android.com/security/bulletin/2017-01-01.html"},{"name":"95247","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/95247"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"Android","vendor":"Google Inc.","versions":[{"status":"affected","version":"Android-5.0.2"},{"status":"affected","version":"Android-5.1.1"},{"status":"affected","version":"Android-6.0"},{"status":"affected","version":"Android-6.0.1"},{"status":"affected","version":"Android-7.0"},{"status":"affected","version":"Android-7.1"}]}],"datePublic":"2017-01-03T00:00:00.000Z","descriptions":[{"lang":"en","value":"A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390."}],"problemTypes":[{"descriptions":[{"description":"Remote code execution","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-01-13T10:57:01.000Z","orgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","shortName":"google_android"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://source.android.com/security/bulletin/2017-01-01.html"},{"name":"95247","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/95247"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@android.com","ID":"CVE-2017-0382","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Android","version":{"version_data":[{"version_value":"Android-5.0.2"},{"version_value":"Android-5.1.1"},{"version_value":"Android-6.0"},{"version_value":"Android-6.0.1"},{"version_value":"Android-7.0"},{"version_value":"Android-7.1"}]}}]},"vendor_name":"Google Inc."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Remote code execution"}]}]},"references":{"reference_data":[{"name":"https://source.android.com/security/bulletin/2017-01-01.html","refsource":"CONFIRM","url":"https://source.android.com/security/bulletin/2017-01-01.html"},{"name":"95247","refsource":"BID","url":"http://www.securityfocus.com/bid/95247"}]}}}},"cveMetadata":{"assignerOrgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","assignerShortName":"google_android","cveId":"CVE-2017-0382","datePublished":"2017-01-12T20:00:00.000Z","dateReserved":"2016-11-29T00:00:00.000Z","dateUpdated":"2024-08-05T13:03:57.051Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2017-01-12 20:59:02","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["NVD-CWE-noinfo","Remote code execution"],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*","matchCriteriaId":"7C4E6353-B77A-464F-B7DE-932704003B33"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"77125688-2CCA-4990-ABB2-551D47CB0CDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E9915371-C730-41F7-B86E-7E4DE0DF5385"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*","matchCriteriaId":"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B846C63A-7261-481E-B4A4-0D8C79E0D8A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E70C6D8D-C9C3-4D92-8DFC-71F59E068295"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"691FA41B-C2CE-413F-ABB1-0B22CB322807"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"382","Ordinal":"1","Title":"CVE-2017-0382","CVE":"CVE-2017-0382","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"382","Ordinal":"1","NoteData":"A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390.","Type":"Description","Title":"CVE-2017-0382"},{"CveYear":"2017","CveId":"382","Ordinal":"2","NoteData":"2017-01-12","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"382","Ordinal":"3","NoteData":"2017-01-13","Type":"Other","Title":"Modified"}]}}}