CVE-2017-0691

Published: 06 July 2017

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36724453.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
digikam
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 21.04 (Hirsute Hippo) Needed

Ubuntu 20.10 (Groovy Gorilla) Needed

Ubuntu 20.04 LTS (Focal Fossa) Needed

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)

Notes

AuthorNote
sbeattie
google commit points to a fix in an embedded copy of Adobe
DNG Software Development Kit (SDK). digikam apparently also has an
embedded copy of this software in the kipi-plugins package for
DNGconverter. Vuln is an integer overflow, so possibly more than a
DoS.

References