Vulnerability Description
An elevation of privilege vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31385713.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | <= 7.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/94134
- https://android.googlesource.com/platform/frameworks/av/+/1d4feebdb85db46e138530Issue TrackingPatch
- https://source.android.com/security/bulletin/2016-11-01.htmlVendor Advisory
- http://www.securityfocus.com/bid/94134
- https://android.googlesource.com/platform/frameworks/av/+/1d4feebdb85db46e138530Issue TrackingPatch
- https://source.android.com/security/bulletin/2016-11-01.htmlVendor Advisory
FAQ
What is CVE-2016-6706?
CVE-2016-6706 is a vulnerability with a CVSS score of 7.8 (HIGH). An elevation of privilege vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a p...
How severe is CVE-2016-6706?
CVE-2016-6706 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-6706?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.