How severe is CVE-2016-2413?

CVE-2016-2413 has a CVSS v3 score of 7.8 (HIGH).

CVE-2016-2413

Name: android
Author: google

7.8HIGH

media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via

Published: 4/18/2016Updated: 4/12/2025

Description

media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26403627.

AI AnalysisPowered by AI

Affected Products

googleandroid

5.0

googleandroid

5.0.1

googleandroid

5.1

googleandroid

5.1.0

googleandroid

6.0

googleandroid

6.0.1

References

http://source.android.com/security/bulletin/2016-04-02.html
Vendor Advisory
https://android.googlesource.com/platform/frameworks/av/+/25be9ac20db51044e1b09ca67906355e4f328d48
http://source.android.com/security/bulletin/2016-04-02.html
Vendor Advisory
https://android.googlesource.com/platform/frameworks/av/+/25be9ac20db51044e1b09ca67906355e4f328d48