CVE-2016-2464 — Improper Input Validation in Google Android

CWE-20 — Improper Input Validation6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 51.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Webmproject Libvpx Google Android

Timeline

PublishedJun 13

Latest updateMay 17

Description

libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file, aka internal bug 23167726.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶Debianwebmproject/libvpx< 1.6.1-1+3

▶NVDgoogle/android18 versions+17

🔴Vulnerability Details

GHSA

GHSA-rmww-hg8j-xpw9: libvpx in libwebm in mediaserver in Android 4↗2022-05-17

▶

CVEList

CVE-2016-2464: libvpx in libwebm in mediaserver in Android 4↗2016-06-13

▶

OSV

CVE-2016-2464: libvpx in libwebm in mediaserver in Android 4↗2016-06-13

▶

📋Vendor Advisories

Android

CVE-2016-2464: Android Security Bulletin 2016-06-01 CVE: CVE-2016-2464 Severity: CRITICAL Affected AOSP versions: 4↗2016-06-01

▶

Debian

CVE-2016-2464: libvpx - libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2...↗2016

▶