CVE-2016-2428 in Androidinfo

Summary

libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted media file, aka internal bug 26751339.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

02/18/2016

Disclosure

05/09/2016

Moderation

VulDB entry created

Entries

VDB-83089 (1)

CPE

ready

CWE

CWE-119 (Confirmed)

CVSS

9.9

EPSS

0.01215

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-2428
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-2428
CVE Details	https://www.cvedetails.com/cve/CVE-2016-2428/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!