CVE-2016-6699
HIGHAndroid < 7.0 - Remote Code Execution in libstagefright via Crafted Media File
Title source: llmDescription
A remote code execution vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Android ID: A-31373622.
References (3)
Core 3
Core References
Issue Tracking, Patch x_refsource_confirm
https://android.googlesource.com/platform/frameworks/av/+/3b1c9f692c4d4b7a683c2b358fc89e831a641b88
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94157
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2016-11-01.html
Scores
CVSS v3
7.8
EPSS
0.0132
EPSS Percentile
67.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (1)
google/android
< 7.0
Published
Dec 13, 2016
Tracked Since
Feb 18, 2026