CVE-2016-2418

CRITICAL

Android 6.x - Information Disclosure via Uninitialized Metadata Buffer Pointers

Title source: llm
STIX 2.1

Description

media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324358.

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0080
EPSS Percentile 52.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (2)
google/android 6.0
google/android 6.0.1
Published Apr 18, 2016
Tracked Since Feb 18, 2026