Lucene search

K
cveGoogle_androidCVE-2016-2429
HistoryMay 09, 2016 - 10:59 a.m.

CVE-2016-2429

2016-05-0910:59:05
CWE-119
google_android
web.nvd.nist.gov
26
cve-2016-2429
libflac
stream_decoder.c
mediaserver
android
nvd
remote attack
arbitrary code
denial of service
heap memory corruption
27211885

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

51.1%

libFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted media file, aka internal bug 27211885.

Affected configurations

Nvd
Node
googleandroidMatch4.0
OR
googleandroidMatch4.0.1
OR
googleandroidMatch4.0.2
OR
googleandroidMatch4.0.3
OR
googleandroidMatch4.0.4
OR
googleandroidMatch4.1
OR
googleandroidMatch4.1.2
OR
googleandroidMatch4.2
OR
googleandroidMatch4.2.1
OR
googleandroidMatch4.2.2
OR
googleandroidMatch4.3
OR
googleandroidMatch4.3.1
OR
googleandroidMatch4.4
OR
googleandroidMatch4.4.1
OR
googleandroidMatch4.4.2
OR
googleandroidMatch4.4.3
OR
googleandroidMatch5.0
OR
googleandroidMatch5.0.1
OR
googleandroidMatch5.1
OR
googleandroidMatch5.1.0
OR
googleandroidMatch6.0
OR
googleandroidMatch6.0.1
VendorProductVersionCPE
googleandroid4.0cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*
googleandroid4.0.1cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*
googleandroid4.0.2cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*
googleandroid4.0.3cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*
googleandroid4.0.4cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*
googleandroid4.1cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*
googleandroid4.1.2cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*
googleandroid4.2cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*
googleandroid4.2.1cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*
googleandroid4.2.2cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*
Rows per page:
1-10 of 221

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

51.1%