CVE-2016-3833
- EPSS 0.48%
- Veröffentlicht 05.08.2016 20:59:23
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted appli...
CVE-2016-3832
- EPSS 0.41%
- Veröffentlicht 05.08.2016 20:59:22
- Zuletzt bearbeitet 06.05.2026 22:30:45
The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanis...
CVE-2016-3831
- EPSS 0.77%
- Veröffentlicht 05.08.2016 20:59:21
- Zuletzt bearbeitet 06.05.2026 22:30:45
The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled...
CVE-2016-3830
- EPSS 0.57%
- Veröffentlicht 05.08.2016 20:59:20
- Zuletzt bearbeitet 06.05.2026 22:30:45
codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS d...
CVE-2016-3829
- EPSS 0.68%
- Veröffentlicht 05.08.2016 20:59:19
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29023649.
CVE-2016-3828
- EPSS 0.57%
- Veröffentlicht 05.08.2016 20:59:18
- Zuletzt bearbeitet 06.05.2026 22:30:45
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28835995.
CVE-2016-3827
- EPSS 0.57%
- Veröffentlicht 05.08.2016 20:59:16
- Zuletzt bearbeitet 06.05.2026 22:30:45
codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 2...
CVE-2016-3826
- EPSS 0.2%
- Veröffentlicht 05.08.2016 20:59:15
- Zuletzt bearbeitet 06.05.2026 22:30:45
services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privil...
CVE-2016-3825
- EPSS 0.2%
- Veröffentlicht 05.08.2016 20:59:14
- Zuletzt bearbeitet 06.05.2026 22:30:45
mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, a...
CVE-2016-3824
- EPSS 0.2%
- Veröffentlicht 05.08.2016 20:59:13
- Zuletzt bearbeitet 06.05.2026 22:30:45
omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted applica...