CVE-2016-0824

MEDIUM

Android 6.x - Info Disclosure

Title source: llm

Description

libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591.

References (3)

[Vendor Advisory] http://source.android.com/security/bulletin/2016-03-01.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/84262

[Patch] https://android.googlesource.com/platform/external/libmpeg2/+/ffab15eb80630dc799eb410855c93525b75233c3

Scores

CVSS v3 5.3

EPSS 0.0016

EPSS Percentile 37.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-254 CWE-200

Status draft

Affected Products (2)

google/android

google/android

Timeline

Published Mar 12, 2016

Tracked Since Feb 18, 2026