CVE-2016-2417

CRITICAL

Android < 4.4.4/5.0.2/5.1.1/2016-04-01 - Information Disclosure via Uninitialized Data

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-2417. PoCs published by Google Security Research.

AI-analyzed exploit summary The exploit leverages an information disclosure vulnerability in Android's IOMX component (CVE-2016-2417), where uninitialized heap memory is returned due to insufficient validation in GET_CONFIG/GET_PARAMETER calls. The PoC demonstrates reading 64 bytes (with 56 bytes uninitialized) from the media server process, potentially aiding in ASLR bypass.

Description

media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosandroid

https://www.exploit-db.com/exploits/39685

View Code ZIP pw:eip

The exploit leverages an information disclosure vulnerability in Android's IOMX component (CVE-2016-2417), where uninitialized heap memory is returned due to insufficient validation in GET_CONFIG/GET_PARAMETER calls. The PoC demonstrates reading 64 bytes (with 56 bytes uninitialized) from the media server process, potentially aiding in ASLR bypass.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Android (verified on 6.0.1, likely affects other versions)

No auth needed

Prerequisites: Access to Android device with vulnerable IOMX implementation · Ability to execute arbitrary code (e.g., via malicious app)

MITRE ATT&CK

T1082 - System Information Discovery T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/39685/

Vendor Advisory x_refsource_confirm

http://source.android.com/security/bulletin/2016-04-02.html

Patch x_refsource_confirm

https://android.googlesource.com/platform/frameworks/av/+/1171e7c047bf79e7c93342bb6a812c9edd86aa84

Scores

CVSS v3 9.8

EPSS 0.1316

EPSS Percentile 94.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (22)

google/android 4.0

google/android 4.0.1

google/android 4.0.2

google/android 4.0.3

google/android 4.0.4

google/android 4.1

google/android 4.1.2

google/android 4.2

google/android 4.2.1

google/android 4.2.2

... and 12 more

Published Apr 18, 2016

Tracked Since Feb 18, 2026