PT-2016-5713 · Google · Libvpx+1
Vignesh Venkatasubramanian
·
Published
2016-09-11
·
Updated
2017-08-13
·
CVE-2016-3881
CVSS v2.0
7.1
High
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
libvpx versions prior to those included in Android 4.4.4, 5.0.2, 5.1.1, and 7.0 (after 2016-09-01)
Description
The issue allows remote attackers to cause a denial of service, resulting in a buffer over-read, and potentially causing the device to hang or reboot, via a crafted media file.
Recommendations
For versions prior to those included in Android 4.4.4, update to Android 4.4.4 or later.
For versions 5.0.x prior to 5.0.2, update to Android 5.0.2 or later.
For versions 5.1.x prior to 5.1.1, update to Android 5.1.1 or later.
For versions 6.x before 2016-09-01, update to a version released after 2016-09-01.
For versions 7.0 before 2016-09-01, update to a version released after 2016-09-01.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android
Libvpx