PT-2016-7062 · Google+1 · Android+1

Dragonltx

Published

2016-11-25

Updated

2016-12-06

CVE-2016-6702

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0

Description A remote code execution issue in libjpeg could allow an attacker to execute arbitrary code in the context of an unprivileged process by using a specially crafted file. This issue is considered High due to the possibility of remote code execution in an application that uses libjpeg.

Recommendations For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later.

Exploit

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2016-6702

Affected Products

Android

Libjpeg

PT-2016-7062 · Google+1 · Android+1

CVE-2016-6702

Weakness Enumeration

Related Identifiers

Affected Products

References · 9