PT-2016-2668 · Google · Android

Chiachih Wu

Published

2016-08-05

Updated

2016-11-28

CVE-2016-3835

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-08-01

Description The secure-session feature in the mm-video-v4l2 venc component of the mediaserver in Android mishandles heap pointers. This issue allows attackers to obtain sensitive information via a crafted application.

Recommendations For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-08-01, update to a version released on or after 2016-08-01.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2016-02060

CVE-2016-3835

Affected Products

Android

PT-2016-2668 · Google · Android

CVE-2016-3835

Weakness Enumeration

Related Identifiers

Affected Products

References · 9