CVE-2016-6699

HIGH

Android < 7.0 - Remote Code Execution in libstagefright via Crafted Media File

Title source: llm
STIX 2.1

Description

A remote code execution vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Android ID: A-31373622.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94157

Scores

CVSS v3 7.8
EPSS 0.0132
EPSS Percentile 67.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
google/android < 7.0
Published Dec 13, 2016
Tracked Since Feb 18, 2026