Buffer overflow in Google Android and Debian Linux - CVE-2016-3822

 

Published: August 5, 2016 / Updated: August 9, 2020


Vulnerability identifier: #VU40167
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-3822
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Google, Debian
Affected software: Google Android, Debian Linux

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315.


How to mitigate CVE-2016-3822

Install the update from the vendor's website.
