CVE-2016-3821

libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory corruption) via a crafted media file, aka internal bug 28166152.

Published : 2016-08-05 20:59 Updated : 2016-11-28 20:12

7.5
CVSS Score More info
Score 7.5 / 10
7.5
Vendor Product Version URI
Google Android 4.0.2 cpe:/o:google:android:4.0.2
Google Android 4.0.1 cpe:/o:google:android:4.0.1
Google Android 6.0.1 cpe:/o:google:android:6.0.1
Google Android 4.4.3 cpe:/o:google:android:4.4.3
Google Android 4.4.2 cpe:/o:google:android:4.4.2
Google Android 4.4.1 cpe:/o:google:android:4.4.1
Google Android 4.3.1 cpe:/o:google:android:4.3.1
Google Android 4.2.2 cpe:/o:google:android:4.2.2
Google Android 4.0.4 cpe:/o:google:android:4.0.4
Google Android 4.2.1 cpe:/o:google:android:4.2.1
Google Android 4.1.2 cpe:/o:google:android:4.1.2
Google Android 4.0.3 cpe:/o:google:android:4.0.3
Google Android 6.0 cpe:/o:google:android:6.0
Google Android 5.1 cpe:/o:google:android:5.1
Google Android 4.2 cpe:/o:google:android:4.2
Google Android 5.0 cpe:/o:google:android:5.0
Google Android 4.1 cpe:/o:google:android:4.1
Google Android 5.1.0 cpe:/o:google:android:5.1.0
Google Android 5.0.1 cpe:/o:google:android:5.0.1
Google Android 4.4 cpe:/o:google:android:4.4
Google Android 4.3 cpe:/o:google:android:4.3
Google Android 4.0 cpe:/o:google:android:4.0
  1. Google (1) Search CVE
    1. Android (22) Search CVE
      1. 4.0.2
      2. 4.0.1
      3. 6.0.1
      4. 4.4.3
      5. 4.4.2
      6. 4.4.1
      7. 4.3.1
      8. 4.2.2
      9. 4.0.4
      10. 4.2.1
      11. 4.1.2
      12. 4.0.3
      13. 6.0
      14. 5.1
      15. 4.2
      16. 5.0
      17. 4.1
      18. 5.1.0
      19. 5.0.1
      20. 4.4
      21. 4.3
      22. 4.0

CWE

ID Name Description Links
CWE-476 NULL Pointer Dereference A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. CVE

History of changes

Date Event
2016-08-05 20:59

New CVE