CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-2419

media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26323455.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 42.5%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

http://source.android.com/security/bulletin/2016-04-02.html
https://android.googlesource.com/platform/frameworks/av/+/5a856f2092f7086aa0fea9ae06b9255befcdcd34
http://source.android.com/security/bulletin/2016-04-02.html
https://android.googlesource.com/platform/frameworks/av/+/5a856f2092f7086aa0fea9ae06b9255befcdcd34

Products affected by CVE-2016-2419

Google » Android » Version: 6.0

cpe:2.3:o:google:android:6.0
Google » Android » Version: 6.0.1

cpe:2.3:o:google:android:6.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-2419

Products

Pricing

Contact Us