PT-2016-1867 · Google · Android

Publicado

2016-05-09

·

Atualizado

2016-05-10

·

CVE-2016-2452

CVSS v2.0

9.3

Alta

VetorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-05-01
Description The issue is related to the function codecs/amrnb/dec/SoftAMR.cpp in libstagefright component of the mediaserver in Android. It does not validate buffer sizes, allowing attackers to gain privileges via a crafted application. This can result in obtaining Signature or SignatureOrSystem access.
Recommendations For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-05-01, update to a version released on or after 2016-05-01.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

BDU:2016-01200
CVE-2016-2452

Produtos afetados

Android