CVE-2016-0824
MEDIUMAndroid 6.x - Exposure of Sensitive Information via Crafted Bitstream Data
Title source: llmDescription
libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://source.android.com/security/bulletin/2016-03-01.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/84262
Patch x_refsource_confirm
https://android.googlesource.com/platform/external/libmpeg2/+/ffab15eb80630dc799eb410855c93525b75233c3
Scores
CVSS v3
5.3
EPSS
0.0065
EPSS Percentile
46.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
CWE-254
Status
published
Products (2)
google/android
6.0
google/android
6.0.1
Published
Mar 12, 2016
Tracked Since
Feb 18, 2026