9.3

CVE-2016-2452

codecs/amrnb/dec/SoftAMR.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 27662364 and 27843673.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version4.0
GoogleAndroid Version4.0.1
GoogleAndroid Version4.0.2
GoogleAndroid Version4.0.3
GoogleAndroid Version4.0.4
GoogleAndroid Version4.1
GoogleAndroid Version4.1.2
GoogleAndroid Version4.2
GoogleAndroid Version4.2.1
GoogleAndroid Version4.2.2
GoogleAndroid Version4.3
GoogleAndroid Version4.3.1
GoogleAndroid Version4.4
GoogleAndroid Version4.4.1
GoogleAndroid Version4.4.2
GoogleAndroid Version4.4.3
GoogleAndroid Version5.0
GoogleAndroid Version5.0.1
GoogleAndroid Version5.1
GoogleAndroid Version5.1.0
GoogleAndroid Version6.0
GoogleAndroid Version6.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.49% 0.383
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://source.android.com/security/bulletin/2016-05-01.html
Vendor Advisory
https://android.googlesource.com/platform/frameworks/av/+/44749eb4f273f0eb681d0fa013e3beef754fa687
https://android.googlesource.com/platform/frameworks/av/+/65756b4082cd79a2d99b2ccb5b392291fd53703f
https://android.googlesource.com/platform/frameworks/av/+/daa85dac2055b22dabbb3b4e537597e6ab73a866