Vulnerability Details CVE-2016-3743
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 27907656.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://source.android.com/security/bulletin/2016-07-01.html
- https://android.googlesource.com/platform/external/libavc/+/ecf6c7ce6d5a22d52160698aab44fc234c63291a
- http://source.android.com/security/bulletin/2016-07-01.html
- https://android.googlesource.com/platform/external/libavc/+/ecf6c7ce6d5a22d52160698aab44fc234c63291a