Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-0478 PoC — Android Framesequence库安全漏洞

Source
https://github.com/bingghost/CVE-2017-0478
Associated Vulnerability
Title:Android Framesequence库安全漏洞 (CVE-2017-0478)
Description:Android是美国谷歌(Google)公司和开放手持设备联盟(简称OHA)共同开发的一套以Linux为基础的开源操作系统。Framesequence Library是用于其中的一个GIF图片工具包库。 Android中的Framesequence库存在远程代码执行漏洞。攻击者可借助特制的文件利用该漏洞执行任意代码。以下版本受到影响:Android 5.0.2,5.1.1,6.0,6.0.1,7.0,7.1.1版本。
Description
poc of CVE-2017-0478
Readme
# CVE-2017-0478
poc of CVE-2017-0478

The file of FrameSequence_webp.cpp is not compiled  in AOSP currently,  so when you compile libframesequence.so  with webp, 
you need compile with FRAMESEQUENCE_INCLUDE_WEBP(like this:  FRAMESEQUENCE_INCLUDE_WEBP=true mm -B)
File Snapshot

 [4.0K]  /data/pocs/32cefeab02d117b30b69ed18c1584536aa58b4fa
├── [4.0K]  poc
│   ├── [ 863]  AndroidManifest.xml
│   ├── [1.3K]  Android.mk
│   ├── [4.0K]  build.xml
│   ├── [  51]  proguard.flags
│   ├── [ 563]  project.properties
│   ├── [4.0K]  res
│   │   ├── [4.0K]  drawable-hdpi
│   │   │   └── [9.2K]  ic_launcher.png
│   │   ├── [4.0K]  drawable-mdpi
│   │   │   └── [5.1K]  ic_launcher.png
│   │   ├── [4.0K]  drawable-xhdpi
│   │   │   └── [ 14K]  ic_launcher.png
│   │   ├── [4.0K]  layout
│   │   │   └── [1.4K]  basic_test_activity.xml
│   │   ├── [4.0K]  raw
│   │   │   ├── [ 34K]  animated_gif.gif
│   │   │   └── [372K]  animated_webp.webp
│   │   └── [4.0K]  values
│   │       ├── [ 598]  strings.xml
│   │       └── [ 148]  styles.xml
│   └── [4.0K]  src
│       └── [4.0K]  com
│           └── [4.0K]  android
│               └── [4.0K]  framesequence
│                   └── [4.0K]  samples
│                       ├── [4.1K]  FrameSequenceTest.java
│                       └── [2.4K]  SamplesList.java
└── [ 263]  README.md

13 directories, 16 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.