History: May 09, 2016 - 10:59 a.m.

CVE-2016-2428

2016-05-09 10:59:04
CWE-119
google_android
web.nvd.nist.gov
26
mediaserver
android
remote code execution
cve-2016-2428
denial of service
stack memory corruption

CVSS2: 10

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.7
Confidence: High

EPSS: 0.001
Percentile: 51.1%

libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted media file, aka internal bug 26751339.

Affected configurations

Nvd

Node: google android, match any of the following versions (OR):
4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1, 4.1.2, 4.2, 4.2.1, 4.2.2, 4.3, 4.3.1, 4.4, 4.4.1, 4.4.2, 4.4.3, 5.0, 5.0.1, 5.1, 5.1.0, 6.0, 6.0.1

Vendor   Product   Version   CPE
google   android   4.0       cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*
google   android   4.0.1     cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*
google   android   4.0.2     cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*
google   android   4.0.3     cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*
google   android   4.0.4     cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*
google   android   4.1       cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*
google   android   4.1.2     cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*
google   android   4.2       cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*
google   android   4.2.1     cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*
google   android   4.2.2     cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*