ID CVE-2016-3924
Type cve
Reporter NVD
Modified 2016-11-28T15:14:00
Description
services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate EFFECT_CMD_SET_PARAM and EFFECT_CMD_SET_PARAM_DEFERRED commands, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 30204301.
{"hash": "4bf48a8b2d7420a57f1807a1d8e3e769e447909aad04e5803438403a596d5c94", "id": "CVE-2016-3924", "lastseen": "2016-12-01T02:27:28", "viewCount": 2, "hashmap": [{"hash": "65d5a89e1c9e4fd39cccde5dde742638", "key": "assessment"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "e644da1397771dec769921f560698cb4", "key": "cpe"}, {"hash": "e535458074758782b5097cdf625d00b8", "key": "cvelist"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "2d38e4afc3432063eb7c4926a4ecb529", "key": "description"}, {"hash": "e422426768873fdd38db9092634da2ec", "key": "href"}, {"hash": "6388a25174425c10d3e5f28b4afe0495", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "0c33b0a862a59416d0477136e472fdc3", "key": "published"}, {"hash": "7c376b47e4716100c3abdd87d5d1b54f", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "895933c5769faa15e695bfca94020080", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:google:android:6.0", "cpe:/o:google:android:5.1.0", "cpe:/o:google:android:4.2", "cpe:/o:google:android:4.1", "cpe:/o:google:android:4.4.2", "cpe:/o:google:android:4.0", "cpe:/o:google:android:4.4.1", "cpe:/o:google:android:4.0.3", "cpe:/o:google:android:4.3", "cpe:/o:google:android:4.0.4", "cpe:/o:google:android:5.0", "cpe:/o:google:android:4.2.1", "cpe:/o:google:android:7.0", "cpe:/o:google:android:4.2.2", "cpe:/o:google:android:5.1", "cpe:/o:google:android:4.3.1", "cpe:/o:google:android:6.0.1", "cpe:/o:google:android:4.1.2", "cpe:/o:google:android:4.0.2", "cpe:/o:google:android:4.4.3", "cpe:/o:google:android:5.0.1", "cpe:/o:google:android:4.0.1", "cpe:/o:google:android:4.4"], "assessment": {"system": "", "name": "", "href": ""}, "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "edition": 1, "enchantments": {"vulnersScore": 4.3}, "type": "cve", "description": "services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate EFFECT_CMD_SET_PARAM and EFFECT_CMD_SET_PARAM_DEFERRED commands, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 30204301.", "title": "CVE-2016-3924", "history": [], "objectVersion": "1.2", "cvelist": ["CVE-2016-3924"], "published": "2016-10-10T06:59:28", "references": ["http://www.securityfocus.com/bid/93297", "http://source.android.com/security/bulletin/2016-10-01.html", "https://android.googlesource.com/platform/frameworks/av/+/c894aa36be535886a8e5ff02cdbcd07dd24618f6"], "reporter": "NVD", "scanner": [], "modified": "2016-11-28T15:14:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3924"}
{"result": {}}