Android@6.0 Security Vulnerabilities and Issues — Page 13 of Android@6.0 CVE List

9.3CVSS7.6AI score0.00164EPSS

CVE-2016-3872

Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to gain privileges via a crafted application, aka internal bug 29421675.

7.1CVSS5.7AI score0.00406EPSS

CVE-2016-3879

arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows remote attackers to cause a denial of service (NULL pointer dereference, and device hang or reboot) via a crafted media file, aka internal bug 29770686.

5.5CVSS5.6AI score0.0013EPSS

CVE-2016-3898

Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to cause a denial of service (loss of locked-screen 911 TTY functionality) via a crafted application that modifies the TTY mode by broadcasting an intent, aka internal bug ...

7.1CVSS5.7AI score0.00406EPSS

CVE-2016-3899

OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not validate a certain pointer, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted m...

CVE•added 2016/10/10 10:59 a.m.•34 views

CVE-2016-3912

The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allow attackers to gain privileges via a crafted application, aka internal bug 30202481.

9.3CVSS8AI score0.00135EPSS

CVE•added 2016/10/10 10:59 a.m.•34 views

CVE-2016-3922

libril/RilSapSocket.cpp in Telephony in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 relies on variable-length arrays, which allows attackers to gain privileges via a crafted application, aka internal bug 30202619.

7.8CVSS8AI score0.00088EPSS

CVE•added 2017/01/12 3:59 p.m.•34 views

CVE-2016-6773

An information disclosure vulnerability in the ih264d decoder in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: ...

5.5CVSS5AI score0.00063EPSS

CVE•added 2016/10/31 10:59 a.m.•34 views

CVE-2016-7990

On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542.

10CVSS9.6AI score0.01775EPSS

CVE•added 2017/04/07 10:59 p.m.•34 views

CVE-2017-0552

A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. A...

7.1CVSS5.7AI score0.00198EPSS

CVE•added 2017/10/04 1:29 a.m.•34 views

CVE-2017-0818

A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63581671.

7.8CVSS7.2AI score0.00262EPSS

CVE•added 2017/11/16 11:29 p.m.•34 views

CVE-2017-0859

Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36075131.

7.8CVSS7.2AI score0.00101EPSS

CVE•added 2018/02/12 7:29 p.m.•34 views

CVE-2017-13233

In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. This could lead to a remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, ...

7.1CVSS6.4AI score0.00157EPSS

CVE•added 2020/04/07 4:15 p.m.•34 views

CVE-2017-18675

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) (Exynos7420 or Exynox8890 chipsets) software. The Camera application can leak uninitialized memory via ion. The Samsung ID is SVE-2016-6989 (April 2017).

7.5CVSS7.6AI score0.00113EPSS

CVE•added 2018/08/17 8:29 p.m.•34 views

CVE-2018-14982

Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004.

9.8CVSS9.2AI score0.00093EPSS

CVE•added 2020/04/08 6:15 p.m.•34 views

CVE-2018-21063

An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 (August 2018).

10CVSS9.4AI score0.0017EPSS

CVE•added 2020/04/08 6:15 p.m.•34 views

CVE-2018-21071

An issue was discovered on Samsung mobile devices with M(6.0) software. Because of an unprotected intent, an attacker can read arbitrary files and emails, and take over an email account. The Samsung ID is SVE-2018-11633 (May 2018).

7.5CVSS7.2AI score0.00102EPSS

CVE•added 2018/11/06 5:29 p.m.•34 views

CVE-2018-9358

In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. Prod...

7.8CVSS6.8AI score0.03247EPSS

CVE•added 2018/11/06 5:29 p.m.•34 views

CVE-2018-9359

In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android...

7.8CVSS6.9AI score0.016EPSS

CVE•added 2018/11/06 5:29 p.m.•34 views

CVE-2018-9454

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0...

5.5CVSS5.3AI score0.00095EPSS

CVE•added 2016/03/12 9:59 p.m.•33 views

CVE-2016-0832

Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25955042.

6.6CVSS6.2AI score0.00017EPSS

10CVSS8.8AI score0.01215EPSS

CVE-2016-0839

post_proc/volume_listener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25753245.

9.3CVSS7.5AI score0.00161EPSS

CVE-2016-2409

A Texas Instruments (TI) haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545.

9.3CVSS7.5AI score0.00043EPSS

CVE-2016-2413

media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka inte...

6.2CVSS6.3AI score0.005EPSS

CVE-2016-2414

The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider negative size values in font data, which allows remote attackers to cause a denial of service (memory corruption and reboot loop) via a crafted font, aka internal bug 26413177...

CVE•added 2016/06/13 1:59 a.m.•33 views

CVE-2016-2500

Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 19285814.

5.5CVSS5.8AI score0.00072EPSS

10CVSS8.8AI score0.02566EPSS

CVE-2016-2506

DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a c...

9.8CVSS8.8AI score0.01167EPSS

CVE-2016-3741

The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661.

10CVSS7.4AI score0.00068EPSS

CVE-2016-3747

Use-after-free vulnerability in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem a...

7.8CVSS7AI score0.00732EPSS

CVE-2016-3754

mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not limit process-memory usage, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28615448.