6.0.1

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

google

CWE-254

NVD

Published: 2016-03-12

Updated: 2016-11-28

Summary

libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591.

Vulnerable Configurations

Part	Description	Count
OS	Google Google Android 6.0.1 Google Android 6.0	2

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

http://source.android.com/security/bulletin/2016-03-01.html
https://android.googlesource.com/platform/external/libmpeg2/+/ffab15eb80630dc799eb410855c93525b75233c3
http://www.securityfocus.com/bid/84262