Lucene search

[email protected]CVE-2016-3880

HistorySep 11, 2016 - 9:59 p.m.

CVE-2016-3880

2016-09-1121:59:24

CWE-284

[email protected]

web.nvd.nist.gov

cve-2016-3880

android

buffer overflow

denial of service

libstagefright

mediaserver

nvd

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.6%

JSON

Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 25747670.

Affected configurations

NVD

Node

googleandroidMatch4.0

googleandroidMatch4.0.1

googleandroidMatch4.0.2

googleandroidMatch4.0.3

googleandroidMatch4.0.4

googleandroidMatch4.1

googleandroidMatch4.1.2

googleandroidMatch4.2

googleandroidMatch4.2.1

googleandroidMatch4.2.2

googleandroidMatch4.3

googleandroidMatch4.3.1

googleandroidMatch4.4

googleandroidMatch4.4.1

googleandroidMatch4.4.2

googleandroidMatch4.4.3

googleandroidMatch5.0

googleandroidMatch5.0.1

googleandroidMatch5.1

googleandroidMatch5.1.0

googleandroidMatch6.0

googleandroidMatch6.0.1

googleandroidMatch7.0

CPENameOperatorVersion
google:androidgoogle androideq4.0
google:androidgoogle androideq4.0.1
google:androidgoogle androideq4.0.2
google:androidgoogle androideq4.0.3
google:androidgoogle androideq4.0.4
google:androidgoogle androideq4.1
google:androidgoogle androideq4.1.2
google:androidgoogle androideq4.2
google:androidgoogle androideq4.2.1
google:androidgoogle androideq4.2.2

CPE	Name	Operator	Version
google:android	google android	eq	4.0
google:android	google android	eq	4.0.1
google:android	google android	eq	4.0.2
google:android	google android	eq	4.0.3
google:android	google android	eq	4.0.4
google:android	google android	eq	4.1
google:android	google android	eq	4.1.2
google:android	google android	eq	4.2
google:android	google android	eq	4.2.1
google:android	google android	eq	4.2.2

Rows per page:

1-10 of 231

References

source.android.com/security/bulletin/2016-09-01.html

www.securityfocus.com/bid/92821

www.securitytracker.com/id/1036763

android.googlesource.com/platform/frameworks/av/+/68f67ef6cf1f41e77337be3bc4bff91f3a3c6324

Social References

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.6%

JSON

Related for CVE-2016-3880

prion1 ubuntucve1 cvelist1 nvd1 androidsecurity1