Main Vulnerability Database Vulnerabilities #VU40353

Buffer overflow in Google Android - CVE-2016-2418

Published: April 18, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40353

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2016-2418

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324358.

How to mitigate CVE-2016-2418

Install update from vendor's website.

Buffer overflow in Google Android - CVE-2016-2418

Detailed vulnerability description

How to mitigate CVE-2016-2418

Sources

Please verify you're human