Main Vulnerability Database Vulnerabilities #VU40424

Information disclosure in Google Android - CVE-2016-0824

Published: March 12, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40424

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-0824

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591.

How to mitigate CVE-2016-0824

Install update from vendor's website.

Information disclosure in Google Android - CVE-2016-0824

Detailed vulnerability description

How to mitigate CVE-2016-0824

Sources

Please verify you're human