Details of Denial of Service Vulnerability in Mediaserver (CVE-2017-0497)
A SIGFPE is raised in the function onGetPixels of SkRawCodec.cpp when mediaserver tries to parse a crafted TIFF file with a zero height dimension.
- CVE ID: CVE-2017-0497;
- Android ID: A-33300701;
- Severity: Moderate;
- Updated Google devices: All;
- Updated AOSP versions: 7.0, 7.1.1.
Because the size information of the TIFF file is not checked, the width and height can be zero.
You can click here to get the poc.
The easiest way to trigger this vulnerability is as follows.
Verify the size information.
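One way to implement such a check, shown as an added example rather than the AOSP patch or Skia code: a small C routine reads ImageWidth (tag 256) and ImageLength (tag 257) from the first IFD of a TIFF buffer and rejects zero dimensions before a caller divides by them. The function names, the `SAMPLE` macro and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample (not the PoC): little-endian TIFF with one IFD,
 * ImageWidth = 4 and ImageLength = h. All names here are illustrative. */
#define SAMPLE(h) {'I','I',42,0, 8,0,0,0, 2,0, \
    0,1, 3,0, 1,0,0,0, 4,0,0,0,  1,1, 3,0, 1,0,0,0, (h),0,0,0,  0,0,0,0}
static const uint8_t kZeroHeight[] = SAMPLE(0), kGood[] = SAMPLE(3);

static uint32_t rd(const uint8_t *p, int n, int le) {  /* n-byte unsigned read */
    uint32_t v = 0;
    for (int i = 0; i < n; i++)
        v |= (uint32_t)p[i] << 8 * (le ? i : n - 1 - i);
    return v;
}

/* Returns 0 only if ImageWidth and ImageLength are both present and non-zero. */
int tiff_checked_size(const uint8_t *buf, size_t len, uint32_t *w, uint32_t *h) {
    *w = *h = 0;
    if (len < 8) return -1;
    int le = memcmp(buf, "II", 2) == 0;
    if (!le && memcmp(buf, "MM", 2) != 0) return -1;
    if (rd(buf + 2, 2, le) != 42) return -1;            /* TIFF magic */
    uint32_t ifd = rd(buf + 4, 4, le);
    if (ifd < 8 || ifd > len - 2) return -1;            /* IFD inside buffer */
    uint32_t count = rd(buf + ifd, 2, le);
    if ((size_t)count * 12 > len - ifd - 2) return -1;  /* entries inside buffer */
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + ifd + 2 + (size_t)i * 12;
        uint32_t tag = rd(e, 2, le), type = rd(e + 2, 2, le);
        if (tag != 256 && tag != 257) continue;         /* width / length tags */
        if ((type != 3 && type != 4) || rd(e + 4, 4, le) != 1) return -1;
        *(tag == 256 ? w : h) = rd(e + 8, type == 3 ? 2 : 4, le); /* SHORT or LONG */
    }
    return (*w != 0 && *h != 0) ? 0 : -1;               /* reject zero dimensions */
}

/* Caller that divides by the height, reached only after validation. */
int scale_percent(const uint8_t *buf, size_t len, uint32_t target_h) {
    uint32_t w, h;
    if (tiff_checked_size(buf, len, &w, &h) != 0) return -1;
    return (int)((uint64_t)target_h * 100 / h);
}

int main(void) {
    printf("%d ", scale_percent(kZeroHeight, sizeof kZeroHeight, 6));
    printf("%d\n", scale_percent(kGood, sizeof kGood, 6));
    return 0;
}
```

Without the final check in `tiff_checked_size`, the integer division in `scale_percent` would raise SIGFPE on the zero-height sample.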
This vulnerability was credited to Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd.
2016-12-02: ele7enxxh reported the vulnerability to Google;
2017-01-24: Google rated it as a Moderate vulnerability;
2017-01-31: Google assigned CVE-2017-0497 for this vulnerability;
2017-03-07: Google released the patch and disclosed the details of CVE-2017-0497 in the Android Security Bulletin-March 2017.