CVE-2016-3755

EPSS 0.34%
Veröffentlicht 11.07.2016 01:59:55
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle security@android.com
CVE-Watchlists
Login
Unerledigt
Login

decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before 2016-07-01 does not properly select concealment frames, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28470138.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version6.0

Google ≫ Android Version6.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.34%	0.536

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://source.android.com/security/bulletin/2016-07-01.html

Vendor Advisory

https://android.googlesource.com/platform/external/libavc/+/d4841f1161bdb5e13cb19e81af42437a634dd6ef

https://nvd.nist.gov/vuln/detail/CVE-2016-3755

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-3755

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-3755

EUVD