Main Vulnerability Database Vulnerabilities #VU40033

Improper access control in Google Android - CVE-2016-6702

Published: November 25, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40033

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2016-6702

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087.

How to mitigate CVE-2016-6702

Install update from vendor's website.

Improper access control in Google Android - CVE-2016-6702

Detailed vulnerability description

How to mitigate CVE-2016-6702

Sources

Please verify you're human