CVE-2016-3878

Published: Sep 11, 2016Modified: May 6, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29493002.

Affected (2)

Products: Google: Android

Google

1 product

Android

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 6.0.1
Google Android	Version 6.0

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (8)

http://source.android.com/security/bulletin/2016-09-01.html

Source: security@android.com

Vendor Advisory

http://www.securityfocus.com/bid/92821

Source: security@android.com

http://www.securitytracker.com/id/1036763

Source: security@android.com

https://android.googlesource.com/platform/external/libavc/+/7109ce3f8f90a28ca9f0ee6e14f6ac5e414c62cf

Source: security@android.com

Issue TrackingPatch

http://source.android.com/security/bulletin/2016-09-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/92821

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036763

Source: af854a3a-2127-422b-91ae-364da2661108

https://android.googlesource.com/platform/external/libavc/+/7109ce3f8f90a28ca9f0ee6e14f6ac5e414c62cf

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

Timeline

No history available yet.