CVE-2016-6701Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Android

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-284Improper Access Control5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 52.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google AndroidGoogle INC Android
Timeline
PublishedNov 25
Latest updateMay 17

Description

A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of the gallery process. Android ID: A-30190637.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5google_inc/androidAndroid-7.0

🔴Vulnerability Details

2
GHSA
GHSA-7q83-f9g2-964w: A remote code execution vulnerability in libskia in Android 72022-05-17
OSV
CVE-2016-6701: A remote code execution vulnerability in libskia in Android 72016-11-25

📋Vendor Advisories

1
Android
CVE-2016-6701: Android Security Bulletin 2016-11-01 CVE: CVE-2016-6701 Severity: HIGH Affected AOSP versions: 72016-11-01

💬Community

1
Bugzilla
CVE-2012-6701 kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access2016-03-03