CVE-2016-2429 in Androidinfo

Summary

libFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted media file, aka internal bug 27211885.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

02/18/2016

Disclosure

05/09/2016

Moderation

VulDB entry created

Entries

VDB-83090 (1)

CPE

ready

CWE

CWE-119 (Confirmed)

CVSS

9.9

EPSS

0.01215

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-2429
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-2429
CVE Details	https://www.cvedetails.com/cve/CVE-2016-2429/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!