NVD

Id
19604  
Name
CVE-2016-3862  
Description
media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in libjhead_jni, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 29270469.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2016-09-11  
Modified Date
2016-09-12  
Seq
2016-3862  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
107619 19604 CVE-2016-3862 http://source.android.com/security/bulletin/2016-09-01.html  View
107620 19604 CVE-2016-3862 https://android.googlesource.com/platform/frameworks/base/+/e739d9ca5469ed30129d0fa228e3d0f2878671ac  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
3869 JVNDB-2016-004642 Android のメディアサーバの media/ExifInterface.java における任意のコードを実行される脆弱性 Android のメディアサーバの media/ExifInterface.java は、libjhead_jni の静的変数を使用した対話処理を適切に行わないため、任意のコードを実行される、またはサービス運用妨害 (メモリ破損) 状態にされる脆弱性が存在します。 CVE-2016-3862 90368 CVE-2016-3862 19604 9.3 7.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-004642.html 2016-09-06 2016-09-14 View