9.3
CVE-2016-2487
- EPSS 0.49%
- Veröffentlicht 13.06.2016 01:59:26
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle security@android.com
- CVE-Watchlists
- Unerledigt
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27833616.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.49% | 0.383 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://source.android.com/security/bulletin/2016-06-01.html
https://android.googlesource.com/platform/frameworks/av/+/4e32001e4196f39ddd0b86686ae0231c8f5ed944
https://android.googlesource.com/platform/frameworks/av/+/918eeaa29d99d257282fafec931b4bda0e3bae12
https://android.googlesource.com/platform/frameworks/av/+/d2f47191538837e796e2b10c1ff7e1ee35f6e0ab