CVE-2016-6713 (Medium) detected in libavcandroid-10.0.0_r47

Question

CVE-2016-6713 (Medium) detected in libavcandroid-10.0.0_r47

mend-bolt-for-github opened this issue 3 years ago · 0 comments

mend-bolt-for-github commented 3 years ago

CVE-2016-6713 - Medium Severity Vulnerability

Vulnerable Library - libavcandroid-10.0.0_r47

Library home page: https://android.googlesource.com/platform/external/libavc

Found in HEAD commit: 37f50850b5d7f0ced9d617b75f5a146bf6bb5c67

Found in base branch: master

Vulnerable Source Files (1)

/decoder/ih264d_inter_pred.c

Vulnerability Details

A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30822755.

Publish Date: 2016-11-25

URL: CVE-2016-6713

CVSS 3 Score Details (5.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://source.android.com/security/bulletin/2016-11-01

Release Date: 2018-12-23

Fix Resolution: android-6.0.1_r78;android-7.0.0_r15

Step up your Open Source Security Game with WhiteSource here