CVE-2016-3741

EPSS 1.17%
Veröffentlicht 11.07.2016 01:59:41
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle security@android.com
CVE-Watchlists
Login
Unerledigt
Login

The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version6.0

Google ≫ Android Version6.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.17%	0.767

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://source.android.com/security/bulletin/2016-07-01.html

Vendor Advisory

https://android.googlesource.com/platform/external/libavc/+/cc676ebd95247646e67907ccab150fb77a847335

https://android.googlesource.com/platform/external/libavc/+/e629194c62a9a129ce378e08cb1059a8a53f1795

https://nvd.nist.gov/vuln/detail/CVE-2016-3741

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-3741

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-3741

EUVD