Vulnerability Details CVE-2016-0804
The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25070434.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://source.android.com/security/bulletin/2016-02-01.html
- https://android.googlesource.com/platform%2Fframeworks%2Fav/+/224858e719d045c8554856b12c4ab73d2375cf33
- http://source.android.com/security/bulletin/2016-02-01.html
- https://android.googlesource.com/platform%2Fframeworks%2Fav/+/224858e719d045c8554856b12c4ab73d2375cf33
Products affected by CVE-2016-0804
-
cpe:2.3:o:google:android:5.0
-
cpe:2.3:o:google:android:5.0.1
-
cpe:2.3:o:google:android:5.0.2
-
cpe:2.3:o:google:android:5.1
-
cpe:2.3:o:google:android:5.1.0
-
cpe:2.3:o:google:android:5.1.1
-
cpe:2.3:o:google:android:6.0
-
cpe:2.3:o:google:android:6.0.1