How severe is CVE-2016-2413?

CVE-2016-2413 has a CVSS v3 score of 7.8 (HIGH).

CVE-2016-2413

Name: android
Author: google

7.8HIGH

media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via

Publicado: 4/18/2016Atualizado: 4/12/2025

Descrição

media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26403627.

Análise IADesenvolvido por IA

Produtos Afetados

googleandroid

5.0

googleandroid

5.0.1

googleandroid

5.1

googleandroid

5.1.0

googleandroid

6.0

googleandroid

6.0.1

Referências

http://source.android.com/security/bulletin/2016-04-02.html
Vendor Advisory
https://android.googlesource.com/platform/frameworks/av/+/25be9ac20db51044e1b09ca67906355e4f328d48
http://source.android.com/security/bulletin/2016-04-02.html
Vendor Advisory
https://android.googlesource.com/platform/frameworks/av/+/25be9ac20db51044e1b09ca67906355e4f328d48