Vulnerability Description
Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to execute arbitrary code via a crafted media file, aka internal bug 29161888.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 4.0 |
Related Weaknesses (CWE)
References
- http://source.android.com/security/bulletin/2016-09-01.htmlVendor Advisory
- http://www.securityfocus.com/bid/92817
- http://www.securitytracker.com/id/1036763
- https://android.googlesource.com/platform/frameworks/av/+/119a012b2a9a186655da4bIssue TrackingPatch
- http://source.android.com/security/bulletin/2016-09-01.htmlVendor Advisory
- http://www.securityfocus.com/bid/92817
- http://www.securitytracker.com/id/1036763
- https://android.googlesource.com/platform/frameworks/av/+/119a012b2a9a186655da4bIssue TrackingPatch
FAQ
What is CVE-2016-3863?
CVE-2016-3863 is a vulnerability with a CVSS score of 7.8 (HIGH). Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before...
How severe is CVE-2016-3863?
CVE-2016-3863 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-3863?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.