CVE-2016-3741

Published: Jul 11, 2016Modified: May 6, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661.

Affected (2)

Products: Google: Android

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 6.0.1
Google Android	Version 6.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://source.android.com/security/bulletin/2016-07-01.html

Source: security@android.com

Vendor Advisory

https://android.googlesource.com/platform/external/libavc/+/cc676ebd95247646e67907ccab150fb77a847335

Source: security@android.com

https://android.googlesource.com/platform/external/libavc/+/e629194c62a9a129ce378e08cb1059a8a53f1795

Source: security@android.com

http://source.android.com/security/bulletin/2016-07-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://android.googlesource.com/platform/external/libavc/+/cc676ebd95247646e67907ccab150fb77a847335

Source: af854a3a-2127-422b-91ae-364da2661108

https://android.googlesource.com/platform/external/libavc/+/e629194c62a9a129ce378e08cb1059a8a53f1795

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.