CVE-2016-1621 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Android

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-20 — Improper Input Validation11 documents8 sources

Severity

9.8CRITICALNVD

EPSS

8.7%

top 7.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Webmproject Libvpx Google Android

Timeline

PublishedMar 12

Latest updateMay 17

Description

libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶Debianwebmproject/libvpx< 1.6.1-1+3

▶NVDgoogle/android24 versions+23

🔴Vulnerability Details

GHSA

GHSA-pjpg-8wjw-xmv3: libvpx in mediaserver in Android 4↗2022-05-17

▶

CVEList

CVE-2016-1621: libvpx in mediaserver in Android 4↗2016-03-12

▶

OSV

CVE-2016-1621: libvpx in mediaserver in Android 4↗2016-03-12

▶

📋Vendor Advisories

Red Hat

libvpx: remote code execution via crafted media file↗2016-03-14

▶

Android

CVE-2016-1621: Android Security Bulletin 2016-03-01 CVE: CVE-2016-1621 Severity: CRITICAL Affected AOSP versions: 4↗2016-03-01

▶

Debian

CVE-2016-1621: libvpx - libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and ...↗2016

▶

💬Community

Bugzilla

CVE-2016-1621 compat-libvpx1: libvpx: remote code execution via crafted media file [fedora-23]↗2016-03-16

▶

Bugzilla

CVE-2016-1621 libvpx: remote code execution via crafted media file [epel-5]↗2016-03-16

▶

Bugzilla

CVE-2016-1621 libvpx: remote code execution via crafted media file [fedora-all]↗2016-03-16

▶

Bugzilla

CVE-2016-1621 libvpx: remote code execution via crafted media file↗2016-03-16

▶