Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-2483

The mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27662502.

Published

2016-06-13T01:59:22.640

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.6

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System google android 4.0 Yes
Operating System google android 4.0.1 Yes
Operating System google android 4.0.2 Yes
Operating System google android 4.0.3 Yes
Operating System google android 4.0.4 Yes
Operating System google android 4.1 Yes
Operating System google android 4.1.1 Yes
Operating System google android 4.1.2 Yes
Operating System google android 4.2 Yes
Operating System google android 4.2.1 Yes
Operating System google android 4.2.2 Yes
Operating System google android 4.3 Yes
Operating System google android 4.3.1 Yes
Operating System google android 5.0 Yes
Operating System google android 5.0.1 Yes
Operating System google android 5.1 Yes
Operating System google android 6.0 Yes
Operating System google android 6.0.1 Yes
References