CVE-2016-2418
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324358.
media/libmedia/IOMX.cpp en mediaserver en Android 6.x en versiones anteriores a 2016-04-01 no inicializa determinados punteros a buffers de metadatos, lo que permite a atacantes obtener información sensible de memoria de proceso, y consecuentemente eludir un mecanismo de protección no especificado, a través de vectores no especificados, según lo demostrado por la obtención de acceso Signature o SignatureOrSystem, también conocida como error interno 26324358.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-02-18 CVE Reserved
- 2016-04-18 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 6.0 Search vendor "Google" for product "Android" and version "6.0" | - |
Affected
| ||||||
| Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | 6.0.1 Search vendor "Google" for product "Android" and version "6.0.1" | - |
Affected
| ||||||