CVE-2016-0824

MEDIUM

Android 6.x - Exposure of Sensitive Information via Crafted Bitstream Data

Title source: llm
STIX 2.1

Description

libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/84262

Scores

CVSS v3 5.3
EPSS 0.0065
EPSS Percentile 46.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200 CWE-254
Status published
Products (2)
google/android 6.0
google/android 6.0.1
Published Mar 12, 2016
Tracked Since Feb 18, 2026