Lucene search

Ubuntu.comUB:CVE-2016-0803

HistoryFeb 07, 2016 - 12:00 a.m.

CVE-2016-0803

2016-02-0700:00:00

ubuntu.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

50.6%

JSON

libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1
LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption) via a
crafted media file that triggers a large memory allocation in the (1)
SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug
25812794.

Notes

Author	Note
sbeattie	libhybris does not expose the stagefright encoders ignoring releases where android is not supported

References

source.android.com/security/bulletin/2016-02-01.html

android.googlesource.com/platform%2Fframeworks%2Fav/+/50270d98e26fa18b20ca88216c3526667b724ba7

launchpad.net/bugs/cve/CVE-2016-0803

nvd.nist.gov/vuln/detail/CVE-2016-0803

security-tracker.debian.org/tracker/CVE-2016-0803

www.cve.org/CVERecord?id=CVE-2016-0803

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

50.6%

JSON

Related for UB:CVE-2016-0803