CVE-2016-2428
Status: Analyzed
Last modified:
10-05-2016
Published:
09-05-2016
9.8
SUMMARY CVE-2016-2428
libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted media file, aka internal bug 26751339.
Access CVSS3 CVE-2016-2428
Attack Complexity | Attack Vector | Privileges Required | Scope | User Interaction |
---|---|---|---|---|
LOW | NETWORK | NONE | UNCHANGED | NONE |
Impact CVSS3 CVE-2016-2428
Confidentiality | Integrity | Availability |
---|---|---|
HIGH | HIGH | HIGH |
Details CVE-2016-2428
EPSS | 0.00148 |
---|---|
EPSS % | 0.51601 |
References | |
CWE | CWE-119 |
CAPEC |
|
Vulnerable Configurations |
|
CVSS3 Source | nvd@nist.gov |
CVSS3 Type | Primary |
CVSS3 Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |