PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-0406 Google CVE debrief

CVE-2017-0406 describes a memory-corruption flaw in the libhevc processing path of Android's Mediaserver. Google characterized it as a remote code execution issue, while NVD rates it 7.8 HIGH, with a CVSS 3.0 vector indicating that local access and user interaction are required.

Vendor: Google
Product: CVE-2017-0406
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-08
Original CVE updated: 2026-05-13
Advisory published: 2017-02-08
Advisory updated: 2026-05-13

Who should care

Android fleet operators, mobile security teams, and device owners running affected Android builds should care, especially where untrusted media files may be opened or processed on Android 6.0, 6.0.1, 7.0, 7.1.0, or 7.1.1 devices.

Technical summary

The vulnerability affects the libhevc library used by Android Mediaserver during media file and data processing. NVD identifies CWE-119 and a CVSS 3.0 vector of AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that successful exploitation can have full confidentiality, integrity, and availability impact within the Mediaserver process context. The CVE description says a specially crafted file could trigger memory corruption during parsing.

Defensive priority

High. This affects media parsing in a privileged Android process and can lead to code execution, and with it device compromise, within the Mediaserver context. Prioritize patching and update compliance on any exposed Android 6.x and 7.x devices.

Recommended defensive actions

  • Apply the Android security update that addresses CVE-2017-0406, or a later cumulative update, on all affected devices.
  • Inventory managed Android devices for vulnerable versions referenced by NVD and the CVE description, including Android 6.0, 6.0.1, 7.0, 7.1.0, and 7.1.1.
  • Restrict or closely control handling of untrusted media files on affected devices until updates are confirmed.
  • Use MDM or compliance tooling to enforce minimum patch levels and remove unsupported Android builds from managed fleets.
  • Treat unexpected crashes or anomalies in Mediaserver or libhevc as security-relevant and investigate them promptly.
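The inventory and compliance items above can be automated against build properties. The following is an added example, not code from PatchSiren or Google: it assumes the real Android system properties `ro.build.version.release` and `ro.build.version.security_patch` are collected per device (for instance from `adb shell getprop` or an MDM export), and it treats the 2017-02-01 patch level of the referenced bulletin as the minimum fixed level, which is an assumption.

```python
# Added example (not part of the PatchSiren debrief): flag managed Android
# devices exposed to CVE-2017-0406 from build properties. Assumes the real
# properties ro.build.version.release / ro.build.version.security_patch and
# that the 2017-02-01 bulletin patch level is the minimum fixed level.
from datetime import date

# Releases the debrief lists as vulnerable (NVD CPEs plus CVE description).
AFFECTED_RELEASES = {"6.0", "6.0.1", "7.0", "7.1.0", "7.1.1"}
FIXED_PATCH_LEVEL = date(2017, 2, 1)  # assumption: bulletin date == fix level

def parse_getprop(text: str) -> dict:
    """Turn getprop output lines like `[key]: [value]` into a dict."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and "]: [" in line and line.endswith("]"):
            key, value = line[1:-1].split("]: [", 1)
            props[key] = value
    return props

def parse_patch_level(value):
    """Parse a YYYY-MM-DD patch level; None when missing or malformed."""
    try:
        y, m, d = (int(p) for p in value.split("-"))
        return date(y, m, d)
    except (ValueError, AttributeError):
        return None

def assess(props: dict) -> str:
    """Return 'patched', 'vulnerable', 'unknown' or 'out_of_scope'."""
    if props.get("ro.build.version.release") not in AFFECTED_RELEASES:
        return "out_of_scope"
    level = parse_patch_level(props.get("ro.build.version.security_patch"))
    if level is None:
        return "unknown"  # no patch level reported: treat as non-compliant
    return "patched" if level >= FIXED_PATCH_LEVEL else "vulnerable"

# Constructed sample snapshots, not real devices.
SAMPLES = {
    "dev-a": "[ro.build.version.release]: [7.1.1]\n[ro.build.version.security_patch]: [2017-01-05]\n",
    "dev-b": "[ro.build.version.release]: [7.0]\n[ro.build.version.security_patch]: [2017-02-05]\n",
    "dev-c": "[ro.build.version.release]: [8.0.0]\n[ro.build.version.security_patch]: [2017-09-05]\n",
    "dev-d": "[ro.build.version.release]: [6.0.1]\n",
}

def assess_fleet(samples: dict = SAMPLES) -> dict:
    """Map device name -> exposure status for a fleet of getprop snapshots."""
    return {name: assess(parse_getprop(text)) for name, text in samples.items()}
```

Devices reported as "vulnerable" or "unknown" are the ones to hold to the restricted-media-handling control until the update is confirmed.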

Evidence notes

The CVE record and NVD detail confirm the Android platform scope, the libhevc/Mediaserver impact, and the CWE-119 classification. The NVD record also lists vulnerable CPEs for Android 6.0, 6.0.1, 7.0, 7.1.0, and 7.1.1, while the CVE description explicitly names 6.0, 6.0.1, 7.0, and 7.1.1. The vendor advisory reference points to the Android security bulletin dated 2017-02-01. The CVE publication date used here is 2017-02-08, per the supplied timeline.

Official resources

Vendor advisory reference: Android security bulletin dated 2017-02-01. CVE publication date: 2017-02-08. NVD record last modified: 2026-05-13.