PatchSiren

CVE-2017-0405 Google CVE debrief

CVE-2017-0405 describes a memory corruption issue in Android's Surfaceflinger component that can be triggered by a specially crafted file during media file and data processing. The impact can include remote code execution in the context of the Surfaceflinger process. NVD lists affected Android versions as 7.0, 7.1.0, and 7.1.1, with a CVSS v3.0 score of 7.8 (High), while the Android security bulletin referenced in the record classifies the issue as Critical.

Vendor: Google
Product: CVE-2017-0405
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-08
Original CVE updated: 2026-05-13
Advisory published: 2017-02-08
Advisory updated: 2026-05-13

Who should care

Android OEMs, device fleet operators, mobile security teams, and users or admins responsible for Android 7.0/7.1.0/7.1.1 systems should treat this as important, especially where media content is received or processed from untrusted sources.

Technical summary

NVD identifies the weakness as CWE-119 and assigns CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerable component is Surfaceflinger, and the trigger is a specially crafted file that leads to memory corruption during processing. Because successful exploitation can execute code in the Surfaceflinger process, the main defensive concern is integrity of the media-processing path and timely vendor patch adoption on affected Android 7.x builds.

Defensive priority

High

Recommended defensive actions

  • Verify whether any Android 7.0, 7.1.0, or 7.1.1 devices are still in service and prioritize patching or retirement.
  • Apply the Android security bulletin guidance referenced by the official Android advisory for the 2017-02-01 bulletin.
  • Restrict exposure to untrusted media files and content flows where possible, especially on unmanaged or legacy devices.
  • Confirm device vendor patch level and maintenance status for Surfaceflinger-related fixes across the fleet.
  • Treat this as a high-priority legacy Android issue: although the NVD CVSS score rates it High rather than Critical, the vendor bulletin classifies it as Critical.
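
The first and fourth actions above can be run as a triage pass over a device inventory export. The following is an added example, not code from PatchSiren, NVD, or Google. The device IDs, column names, and status labels are hypothetical, the inventory is constructed, and it assumes a device reporting a security patch level of 2017-02-01 or later (for example from ro.build.version.security_patch) carries the fix.

```python
import csv
import io
from datetime import date

# Releases NVD lists as affected by CVE-2017-0405.
AFFECTED_RELEASES = {"7.0", "7.1.0", "7.1.1"}
# Assumption: this patch level or later includes the bulletin's fix.
FIXED_PATCH_LEVEL = date(2017, 2, 1)

# Constructed sample inventory (hypothetical device IDs and columns).
SAMPLE_INVENTORY = """device_id,release,security_patch
kiosk-01,7.0,2016-12-05
kiosk-02,7.1.1,2017-02-01
tablet-07,7.1.0,
scanner-03,7.1.1,unknown
pos-04,7.1,2017-01-05
phone-12,8.1.0,2018-03-05
phone-19,6.0.1,2016-10-01
"""

def parse_patch_level(value):
    """Return a date for a YYYY-MM-DD patch level, or None if absent/malformed."""
    try:
        return date.fromisoformat(value.strip())
    except ValueError:
        return None

def triage(inventory_csv):
    """Map device_id -> 'patch', 'verify', 'ok' or 'not-listed'."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        release = (row.get("release") or "").strip()
        level = parse_patch_level(row.get("security_patch") or "")
        if release not in AFFECTED_RELEASES:
            # An ambiguous 7.x string (e.g. "7.1") needs a manual check;
            # other releases are simply not in NVD's list for this CVE.
            status = "verify" if release.startswith("7.") else "not-listed"
        elif level is None:
            status = "verify"   # affected release, patch level unknown
        elif level < FIXED_PATCH_LEVEL:
            status = "patch"    # affected release, predates the bulletin
        else:
            status = "ok"
        result[row["device_id"]] = status
    return result

if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        print(f"{device:12} {status}")
```

Devices marked "verify" have a missing, malformed, or ambiguous value and need a manual check before they are counted as patched or retired.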

Evidence notes

The CVE record published on 2017-02-08 states that a specially crafted file can cause memory corruption in Surfaceflinger during media file and data processing, enabling remote code execution. NVD's official detail lists Android 7.0, 7.1.0, and 7.1.1 as affected, with CVSS v3.0 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H and CWE-119. The NVD record references the Android Security Bulletin dated 2017-02-01 as the vendor advisory. The later NVD modified date in the supplied timeline reflects record maintenance, not the original vulnerability date.

Official resources

CVE published on 2017-02-08; the Android Security Bulletin referenced by the record is dated 2017-02-01. The supplied NVD record was last modified on 2026-05-13, which is record maintenance rather than the vulnerability's original issue or