CVE Vulnerabilities

CVE-2016-2448

Published: May 09, 2016 | Modified: May 10, 2016
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly validate entry data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27533704.

Affected Software

Name Vendor Start Version End Version
Android Google 5.1.0 5.1.0
Android Google 4.2 4.2
Android Google 4.1 4.1
Android Google 6.0.1 6.0.1
Android Google 6.0 6.0
Android Google 4.0.2 4.0.2
Android Google 4.4.3 4.4.3
Android Google 4.0.4 4.0.4
Android Google 4.3 4.3
Android Google 4.0.1 4.0.1
Android Google 4.2.1 4.2.1
Android Google 5.0.1 5.0.1
Android Google 5.0 5.0
Android Google 4.0.3 4.0.3
Android Google 4.0 4.0
Android Google 4.4 4.4
Android Google 4.4.1 4.4.1
Android Google 4.2.2 4.2.2
Android Google 4.3.1 4.3.1
Android Google 4.4.2 4.4.2
Android Google 5.1 5.1
Android Google 4.1.2 4.1.2

References