CVE-2016-6701

A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of the gallery process. Android ID: A-30190637.

CVSS v3 7.8 HIGH
CVSS v2.0 6.8 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/94162	Third Party Advisory VDB Entry
https://source.android.com/security/bulletin/2016-11-01.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-11-25 16:59

Updated : 2024-02-04 19:11

NVD link : CVE-2016-6701

Mitre link : CVE-2016-6701

CVE.ORG link : CVE-2016-6701

JSON object : View

Products Affected

google

android

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-284

Improper Access Control

{"id": "CVE-2016-6701", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2016-11-25T16:59:06.997", "references": [{"url": "http://www.securityfocus.com/bid/94162", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@android.com"}, {"url": "https://source.android.com/security/bulletin/2016-11-01.html", "tags": ["Vendor Advisory"], "source": "security@android.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of the gallery process. Android ID: A-30190637."}, {"lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en libskia en Android 7.0 en versiones anteriores a 01-11-2016 podr\u00eda habilitar a un atacante que utiliza un archivo especialmente manipulado a provocar corrupci\u00f3n de memoria durante el procesamiento de archivos multimedia y datos. Este problema est\u00e1 clasificado como High debido a la posibilidad de ejecuci\u00f3n remota de c\u00f3digo dentro del contexto de proceso de galer\u00eda. Android ID: A-30190637."}], "lastModified": "2016-12-06T15:05:07.270", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "595E33EF-6B21-425B-929C-6B883FA50081", "versionEndIncluding": "7.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@android.com"}