Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-3751 (GCVE-0-2016-3751)
Vulnerability from cvelistv5 – Published: 2016-07-11 01:00 – Updated: 2024-08-06 00:03
VLAI?
EPSS
Summary
Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
Date Public ?
2016-07-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:03:34.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
},
{
"name": "[oss-security] 20160709 Re: On anonymous CVE assignments",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240719-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T13:06:15.775Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
},
{
"name": "[oss-security] 20160709 Re: On anonymous CVE assignments",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
},
{
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240719-0004/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2016-3751",
"datePublished": "2016-07-11T01:00:00.000Z",
"dateReserved": "2016-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:03:34.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-3751",
"date": "2026-05-14",
"epss": "0.00135",
"percentile": "0.3288"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.6.19\", \"matchCriteriaId\": \"0F63D199-D477-4807-8A4E-A30C55D1FC48\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A39C31E3-75C0-4E92-A6B5-7D67B22E3449\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB318EA4-2908-4B91-8DBB-20008FDF528A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F4E46A9-B652-47CE-92E8-01021E57724B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36DD8E3F-6308-4680-B932-4CBD8E58A7FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DA9F0F7-D592-481E-884C-B1A94E702825\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CD857E7-B878-49F9-BDDA-93DDEBB0B42B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A47AB858-36DE-4330-8CAC-1B46C5C8DA80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49413FF7-7910-4F74-B106-C3170612CB2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8882E50-7C49-4A99-91F2-DF979CF8BB2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98C32982-095C-4628-9958-118A3D3A9CAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C4E6353-B77A-464F-B7DE-932704003B33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77125688-2CCA-4990-ABB2-551D47CB0CDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B846C63A-7261-481E-B4A4-0D8C79E0D8A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E70C6D8D-C9C3-4D92-8DFC-71F59E068295\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"691FA41B-C2CE-413F-ABB1-0B22CB322807\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en libpng en versiones anteriores a 1.6.20, como es usado en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-07-01, permite a atacantes obtener privilegios a trav\\u00e9s de una aplicaci\\u00f3n manipulada, seg\\u00fan lo demostrado por la obtenci\\u00f3n de acceso Signature o SignatureOrSystem, tambi\\u00e9n conocido como error interno 23265085.\"}]",
"id": "CVE-2016-3751",
"lastModified": "2024-11-21T02:50:38.157",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2016-07-11T01:59:51.870",
"references": "[{\"url\": \"http://source.android.com/security/bulletin/2016-07-01.html\", \"source\": \"security@android.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2016/07/09/4\", \"source\": \"security@android.com\"}, {\"url\": \"https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca\", \"source\": \"security@android.com\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240719-0004/\", \"source\": \"security@android.com\"}, {\"url\": \"http://source.android.com/security/bulletin/2016-07-01.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2016/07/09/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240719-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@android.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-3751\",\"sourceIdentifier\":\"security@android.com\",\"published\":\"2016-07-11T01:59:51.870\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en libpng en versiones anteriores a 1.6.20, como es usado en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-07-01, permite a atacantes obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada, seg\u00fan lo demostrado por la obtenci\u00f3n de acceso Signature o SignatureOrSystem, tambi\u00e9n conocido como error interno 23265085.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.6.19\",\"matchCriteriaId\":\"0F63D199-D477-4807-8A4E-A30C55D1FC48\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A39C31E3-75C0-4E92-A6B5-7D67B22E3449\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB318EA4-2908-4B91-8DBB-20008FDF528A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F4E46A9-B652-47CE-92E8-01021E57724B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36DD8E3F-6308-4680-B932-4CBD8E58A7FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DA9F0F7-D592-481E-884C-B1A94E702825\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CD857E7-B878-49F9-BDDA-93DDEBB0B42B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A47AB858-36DE-4330-8CAC-1B46C5C8DA80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49413FF7-7910-4F74-B106-C3170612CB2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8882E50-7C49-4A99-91F2-DF979CF8BB2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98C32982-095C-4628-9958-118A3D3A9CAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C4E6353-B77A-464F-B7DE-932704003B33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77125688-2CCA-4990-ABB2-551D47CB0CDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B846C63A-7261-481E-B4A4-0D8C79E0D8A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E70C6D8D-C9C3-4D92-8DFC-71F59E068295\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"691FA41B-C2CE-413F-ABB1-0B22CB322807\"}]}]}],\"references\":[{\"url\":\"http://source.android.com/security/bulletin/2016-07-01.html\",\"source\":\"security@android.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/07/09/4\",\"source\":\"security@android.com\"},{\"url\":\"https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca\",\"source\":\"security@android.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240719-0004/\",\"source\":\"security@android.com\"},{\"url\":\"http://source.android.com/security/bulletin/2016-07-01.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/07/09/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240719-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
GSD-2016-3751
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-3751",
"description": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.",
"id": "GSD-2016-3751"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-3751"
],
"details": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.",
"id": "GSD-2016-3751",
"modified": "2023-12-13T01:21:27.843994Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
},
{
"name": "[oss-security] 20160709 Re: On anonymous CVE assignments",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
},
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,1.6.19]",
"affected_versions": "All versions up to 1.6.19",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2016-07-11",
"description": "Unspecified vulnerability in libpng, as used in Android , allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug ",
"fixed_versions": [
"1.6.19.1"
],
"identifier": "CVE-2016-3751",
"identifiers": [
"CVE-2016-3751"
],
"not_impacted": "All versions after 1.6.19",
"package_slug": "nuget/libpng",
"pubdate": "2016-07-11",
"solution": "Upgrade to version 1.6.19.1 or above.",
"title": "Privilege Escalation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2016-3751",
"http://source.android.com/security/bulletin/2016-07-01.html",
"http://www.openwall.com/lists/oss-security/2016/07/09/4"
],
"uuid": "a0b1a494-10b6-4f39-8e0f-bf057532b2af"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.6.19",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3751"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name": "[oss-security] 20160709 Re: On anonymous CVE assignments",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
},
{
"name": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca",
"refsource": "CONFIRM",
"tags": [],
"url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": true,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2016-07-11T17:52Z",
"publishedDate": "2016-07-11T01:59Z"
}
}
}
BDU:2016-01859
Vulnerability from fstec - Published: 11.07.2016
VLAI Severity ?
Title
Уязвимость операционной системы Android, позволяющая нарушителю повысить свои привилегии
Description
Уязвимость библиотеки libpng операционной системы Android связана с ошибками в коде. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, повысить свои привилегии с помощью специально созданного приложения
Severity ?
Vendor
Google Inc
Software Name
Android
Software Version
от 4.0 до 4.4.4 (Android), от 5.0 до 5.0.2 (Android), от 5.1 до 5.1.1 (Android), от 6.0 до 2016-07-01 (Android)
Possible Mitigations
Использование рекомендаций производителя:
http://source.android.com/security/bulletin/2016-07-01.html
Reference
https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca
http://www.openwall.com/lists/oss-security/2016/07/09/4
http://source.android.com/security/bulletin/2016-07-01.html
CWE
CWE-17
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS 3.0": null,
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Google Inc",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 4.0 \u0434\u043e 4.4.4 (Android), \u043e\u0442 5.0 \u0434\u043e 5.0.2 (Android), \u043e\u0442 5.1 \u0434\u043e 5.1.1 (Android), \u043e\u0442 6.0 \u0434\u043e 2016-07-01 (Android)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttp://source.android.com/security/bulletin/2016-07-01.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.07.2016",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "03.08.2016",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2016-01859",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2016-3751",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Android",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Android, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041a\u043e\u0434 (CWE-17)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libpng \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Android \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0432 \u043a\u043e\u0434\u0435. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca\nhttp://www.openwall.com/lists/oss-security/2016/07/09/4\nhttp://source.android.com/security/bulletin/2016-07-01.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-17",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
BDU:2016-01858
Vulnerability from fstec - Published: 11.07.2016
VLAI Severity ?
Title
Уязвимость операционной системы Android, позволяющая нарушителю повысить свои привилегии
Description
Уязвимость библиотеки libpng операционной системы Android связана с ошибками в коде. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, повысить свои привилегии с помощью специально созданного приложения
Severity ?
Vendor
Guy Eric Schalnat Andreas Dilger Glenn Randers-Pehrson
Software Name
libpng
Software Version
до 1.6.20 (libpng)
Possible Mitigations
Использование рекомендаций производителя:
http://www.openwall.com/lists/oss-security/2016/07/09/4
Reference
https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca
http://www.openwall.com/lists/oss-security/2016/07/09/4
http://source.android.com/security/bulletin/2016-07-01.html
CWE
CWE-17
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS 3.0": null,
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Guy Eric Schalnat Andreas Dilger Glenn Randers-Pehrson",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 1.6.20 (libpng)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttp://www.openwall.com/lists/oss-security/2016/07/09/4",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.07.2016",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "03.08.2016",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2016-01858",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2016-3751",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "libpng",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Microsoft Corp Windows - 64-bit, Microsoft Corp Windows - 32-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Unix . 64-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Unix . 32-bit",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Android, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041a\u043e\u0434 (CWE-17)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libpng \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Android \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0432 \u043a\u043e\u0434\u0435. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca\nhttp://www.openwall.com/lists/oss-security/2016/07/09/4\nhttp://source.android.com/security/bulletin/2016-07-01.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-17",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
CNVD-2016-04677
Vulnerability from cnvd - Published: 2016-07-12
VLAI Severity ?
Title
Android libpng权限提升漏洞
Description
Android是美国谷歌(Google)公司和开放手持设备联盟(简称OHA)共同开发的一套以Linux为基础的开源操作系统。libpng是其中的一个可对PNG图形文件实现创建、读写等操作的PNG参考库组件。
Android的libpng中存在提权漏洞。攻击者可借助特制的应用程序利用该漏洞以提升的权限执行任意代码。
Severity
高
Patch Name
Android libpng权限提升漏洞的补丁
Patch Description
Android是美国谷歌(Google)公司和开放手持设备联盟(简称OHA)共同开发的一套以Linux为基础的开源操作系统。libpng是其中的一个可对PNG图形文件实现创建、读写等操作的PNG参考库组件。
Android的libpng中存在提权漏洞。攻击者可借助特制的应用程序利用该漏洞以提升的权限执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全补丁以修复该漏洞: https://source.android.com/security/bulletin/2016-07-01.html
Reference
https://source.android.com/security/bulletin/2016-07-01.html
Impacted products
| Name | ['Google Android Android 4.*,<4.4.4', 'Google Android Android 5.0.*,<5.0.2', 'Google Android Android 5.1.*,<5.1.1', 'Google Android Android 6.*,2016-07-01'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-3751"
}
},
"description": "Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002libpng\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u53ef\u5bf9PNG\u56fe\u5f62\u6587\u4ef6\u5b9e\u73b0\u521b\u5efa\u3001\u8bfb\u5199\u7b49\u64cd\u4f5c\u7684PNG\u53c2\u8003\u5e93\u7ec4\u4ef6\u3002\r\n\r\nAndroid\u7684libpng\u4e2d\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "Matt Sarett",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://source.android.com/security/bulletin/2016-07-01.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-04677",
"openTime": "2016-07-12",
"patchDescription": "Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002libpng\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u53ef\u5bf9PNG\u56fe\u5f62\u6587\u4ef6\u5b9e\u73b0\u521b\u5efa\u3001\u8bfb\u5199\u7b49\u64cd\u4f5c\u7684PNG\u53c2\u8003\u5e93\u7ec4\u4ef6\u3002\r\n\r\nAndroid\u7684libpng\u4e2d\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Android libpng\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Google Android Android 4.*\uff0c\u003c4.4.4",
"Google Android Android 5.0.*\uff0c\u003c5.0.2",
"Google Android Android 5.1.*\uff0c\u003c5.1.1",
"Google Android Android 6.*\uff0c2016-07-01"
]
},
"referenceLink": "https://source.android.com/security/bulletin/2016-07-01.html",
"serverity": "\u9ad8",
"submitTime": "2016-07-09",
"title": "Android libpng\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}
GHSA-38FG-RH2C-FH5C
Vulnerability from github – Published: 2022-05-17 03:51 – Updated: 2024-07-19 15:31
VLAI?
Details
Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2016-3751"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-07-11T01:59:00Z",
"severity": "HIGH"
},
"details": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.",
"id": "GHSA-38fg-rh2c-fh5c",
"modified": "2024-07-19T15:31:45Z",
"published": "2022-05-17T03:51:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3751"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240719-0004"
},
{
"type": "WEB",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
WID-SEC-W-2026-0915
Vulnerability from csaf_certbund - Published: 2026-03-30 22:00 - Updated: 2026-04-15 22:00Summary
Kyocera Drucker: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Kyocera ist ein Hersteller u.a. von Druckern.
Angriff: Ein Angreifer aus dem lokalen Netzwerk kann mehrere Schwachstellen in verschiedenen Modellen der Kyocera ECOSYS und TASKalfa Produktfamilien ausnutzen, um Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme: - BIOS/Firmware
- Hardware Appliance
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Kyocera Printer ECOSYS
Kyocera / Printer
|
cpe:/h:kyocera:printer:ecosys
|
ECOSYS | |
|
Kyocera Printer TASKalfa
Kyocera / Printer
|
cpe:/h:kyocera:printer:taskalfa
|
TASKalfa |
References
18 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Kyocera ist ein Hersteller u.a. von Druckern.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer aus dem lokalen Netzwerk kann mehrere Schwachstellen in verschiedenen Modellen der Kyocera ECOSYS und TASKalfa Produktfamilien ausnutzen, um Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- BIOS/Firmware\n- Hardware Appliance",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0915 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0915.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0915 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0915"
},
{
"category": "external",
"summary": "Kyocera-Sicherheitshinweise",
"url": "https://www.kyoceradocumentsolutions.de/de/support/sicherheitsluecken.html"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2013-0248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0248"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2014-0050",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0050"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2015-8126",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8126"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2015-8472",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8472"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2016-1000031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000031"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2016-3751",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3751"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2016-9842",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9842"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2017-12652",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12652"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2022-37434",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37434"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2022-40303",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40303"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2022-40304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40304"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2023-29469",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29469"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2024-20952",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20952"
}
],
"source_lang": "en-US",
"title": "Kyocera Drucker: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-04-15T22:00:00.000+00:00",
"generator": {
"date": "2026-04-16T05:54:14.267+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0915",
"initial_release_date": "2026-03-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-09T22:00:00.000+00:00",
"number": "2",
"summary": "Anpassung CVSS"
},
{
"date": "2026-04-15T22:00:00.000+00:00",
"number": "3",
"summary": "Erg\u00e4nzung von Kyocera bereitgestellter Informationen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "TASKalfa",
"product": {
"name": "Kyocera Printer TASKalfa",
"product_id": "T029668",
"product_identification_helper": {
"cpe": "cpe:/h:kyocera:printer:taskalfa"
}
}
},
{
"category": "product_version",
"name": "ECOSYS",
"product": {
"name": "Kyocera Printer ECOSYS",
"product_id": "T029669",
"product_identification_helper": {
"cpe": "cpe:/h:kyocera:printer:ecosys"
}
}
}
],
"category": "product_name",
"name": "Printer"
}
],
"category": "vendor",
"name": "Kyocera"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0248",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2013-0248"
},
{
"cve": "CVE-2014-0050",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2014-0050"
},
{
"cve": "CVE-2015-8126",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2015-8126"
},
{
"cve": "CVE-2015-8472",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2015-8472"
},
{
"cve": "CVE-2016-1000031",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2016-1000031"
},
{
"cve": "CVE-2016-3092",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2016-3092"
},
{
"cve": "CVE-2016-3751",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2016-3751"
},
{
"cve": "CVE-2016-9842",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2016-9842"
},
{
"cve": "CVE-2017-12652",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2017-12652"
},
{
"cve": "CVE-2022-37434",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2022-40303",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2022-40303"
},
{
"cve": "CVE-2022-40304",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2022-40304"
},
{
"cve": "CVE-2023-24998",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-29469",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2023-29469"
},
{
"cve": "CVE-2024-20952",
"product_status": {
"known_affected": [
"T029669",
"T029668"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2024-20952"
}
]
}
FKIE_CVE-2016-3751
Vulnerability from fkie_nvd - Published: 2016-07-11 01:59 - Updated: 2026-05-06 22:30
Severity ?
Summary
Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libpng | libpng | * | |
| android | 4.0 | ||
| android | 4.0.1 | ||
| android | 4.0.2 | ||
| android | 4.0.3 | ||
| android | 4.0.4 | ||
| android | 4.1 | ||
| android | 4.1.2 | ||
| android | 4.2 | ||
| android | 4.2.1 | ||
| android | 4.2.2 | ||
| android | 4.3 | ||
| android | 4.3.1 | ||
| android | 4.4 | ||
| android | 4.4.1 | ||
| android | 4.4.2 | ||
| android | 4.4.3 | ||
| android | 5.0 | ||
| android | 5.0.1 | ||
| android | 5.1 | ||
| android | 5.1.0 | ||
| android | 6.0 | ||
| android | 6.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F63D199-D477-4807-8A4E-A30C55D1FC48",
"versionEndIncluding": "1.6.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A39C31E3-75C0-4E92-A6B5-7D67B22E3449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB318EA4-2908-4B91-8DBB-20008FDF528A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4E46A9-B652-47CE-92E8-01021E57724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "36DD8E3F-6308-4680-B932-4CBD8E58A7FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DA9F0F7-D592-481E-884C-B1A94E702825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6CD857E7-B878-49F9-BDDA-93DDEBB0B42B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A47AB858-36DE-4330-8CAC-1B46C5C8DA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49413FF7-7910-4F74-B106-C3170612CB2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8882E50-7C49-4A99-91F2-DF979CF8BB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "98C32982-095C-4628-9958-118A3D3A9CAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4E6353-B77A-464F-B7DE-932704003B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77125688-2CCA-4990-ABB2-551D47CB0CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A8EC00-266C-409B-AD43-18E8DFCD6FE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B846C63A-7261-481E-B4A4-0D8C79E0D8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en libpng en versiones anteriores a 1.6.20, como es usado en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-07-01, permite a atacantes obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada, seg\u00fan lo demostrado por la obtenci\u00f3n de acceso Signature o SignatureOrSystem, tambi\u00e9n conocido como error interno 23265085."
}
],
"id": "CVE-2016-3751",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-11T01:59:51.870",
"references": [
{
"source": "security@android.com",
"tags": [
"Vendor Advisory"
],
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"source": "security@android.com",
"url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
},
{
"source": "security@android.com",
"url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
},
{
"source": "security@android.com",
"url": "https://security.netapp.com/advisory/ntap-20240719-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240719-0004/"
}
],
"sourceIdentifier": "security@android.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2016-AVI-227
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Google Android (Nexus). Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité du 6 juillet 2016
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eGoogle Android (Nexus) toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 6 juillet 2016\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-8890",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8890"
},
{
"name": "CVE-2014-9803",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9803"
},
{
"name": "CVE-2016-3801",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3801"
},
{
"name": "CVE-2016-2507",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2507"
},
{
"name": "CVE-2016-0723",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0723"
},
{
"name": "CVE-2016-3773",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3773"
},
{
"name": "CVE-2016-3747",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3747"
},
{
"name": "CVE-2014-9795",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9795"
},
{
"name": "CVE-2016-3799",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3799"
},
{
"name": "CVE-2016-3742",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3742"
},
{
"name": "CVE-2016-3802",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3802"
},
{
"name": "CVE-2014-9794",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9794"
},
{
"name": "CVE-2016-3796",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3796"
},
{
"name": "CVE-2016-3745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3745"
},
{
"name": "CVE-2016-3770",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3770"
},
{
"name": "CVE-2016-3763",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3763"
},
{
"name": "CVE-2016-3805",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3805"
},
{
"name": "CVE-2016-3760",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3760"
},
{
"name": "CVE-2015-8893",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8893"
},
{
"name": "CVE-2016-3816",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3816"
},
{
"name": "CVE-2016-2502",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2502"
},
{
"name": "CVE-2014-9786",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9786"
},
{
"name": "CVE-2016-3765",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3765"
},
{
"name": "CVE-2014-9783",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9783"
},
{
"name": "CVE-2014-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9798"
},
{
"name": "CVE-2014-9797",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9797"
},
{
"name": "CVE-2015-8891",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8891"
},
{
"name": "CVE-2014-9792",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9792"
},
{
"name": "CVE-2016-3743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3743"
},
{
"name": "CVE-2016-3758",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3758"
},
{
"name": "CVE-2016-3813",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3813"
},
{
"name": "CVE-2016-3767",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3767"
},
{
"name": "CVE-2016-3750",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3750"
},
{
"name": "CVE-2016-3762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3762"
},
{
"name": "CVE-2014-9802",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9802"
},
{
"name": "CVE-2016-3818",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3818"
},
{
"name": "CVE-2016-3759",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3759"
},
{
"name": "CVE-2016-2506",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2506"
},
{
"name": "CVE-2016-3774",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3774"
},
{
"name": "CVE-2016-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2067"
},
{
"name": "CVE-2016-3800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3800"
},
{
"name": "CVE-2016-3766",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3766"
},
{
"name": "CVE-2016-3808",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3808"
},
{
"name": "CVE-2013-7457",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7457"
},
{
"name": "CVE-2014-9781",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9781"
},
{
"name": "CVE-2014-9778",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9778"
},
{
"name": "CVE-2016-3797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3797"
},
{
"name": "CVE-2014-9789",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9789"
},
{
"name": "CVE-2016-2107",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
},
{
"name": "CVE-2014-9780",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9780"
},
{
"name": "CVE-2016-3807",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3807"
},
{
"name": "CVE-2016-3751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3751"
},
{
"name": "CVE-2016-3812",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3812"
},
{
"name": "CVE-2016-3741",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3741"
},
{
"name": "CVE-2014-9799",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9799"
},
{
"name": "CVE-2016-3749",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3749"
},
{
"name": "CVE-2016-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3772"
},
{
"name": "CVE-2014-9779",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9779"
},
{
"name": "CVE-2016-3756",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3756"
},
{
"name": "CVE-2014-9800",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9800"
},
{
"name": "CVE-2015-8889",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8889"
},
{
"name": "CVE-2014-9790",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9790"
},
{
"name": "CVE-2016-3810",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3810"
},
{
"name": "CVE-2016-3761",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3761"
},
{
"name": "CVE-2015-8888",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8888"
},
{
"name": "CVE-2014-9784",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9784"
},
{
"name": "CVE-2016-3771",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3771"
},
{
"name": "CVE-2014-9791",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9791"
},
{
"name": "CVE-2014-9788",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9788"
},
{
"name": "CVE-2014-9793",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9793"
},
{
"name": "CVE-2016-3804",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3804"
},
{
"name": "CVE-2016-3795",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3795"
},
{
"name": "CVE-2016-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3793"
},
{
"name": "CVE-2016-3814",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3814"
},
{
"name": "CVE-2016-3764",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3764"
},
{
"name": "CVE-2014-9785",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9785"
},
{
"name": "CVE-2016-2501",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2501"
},
{
"name": "CVE-2014-9796",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9796"
},
{
"name": "CVE-2016-2505",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2505"
},
{
"name": "CVE-2014-9777",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9777"
},
{
"name": "CVE-2016-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3803"
},
{
"name": "CVE-2016-3748",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3748"
},
{
"name": "CVE-2016-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2068"
},
{
"name": "CVE-2016-3809",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3809"
},
{
"name": "CVE-2016-3746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3746"
},
{
"name": "CVE-2016-3757",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3757"
},
{
"name": "CVE-2015-8816",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8816"
},
{
"name": "CVE-2016-3798",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3798"
},
{
"name": "CVE-2016-3744",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3744"
},
{
"name": "CVE-2014-9801",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9801"
},
{
"name": "CVE-2016-3769",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3769"
},
{
"name": "CVE-2016-2508",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2508"
},
{
"name": "CVE-2016-3752",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3752"
},
{
"name": "CVE-2016-3792",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3792"
},
{
"name": "CVE-2016-3755",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3755"
},
{
"name": "CVE-2016-3811",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3811"
},
{
"name": "CVE-2015-8892",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8892"
},
{
"name": "CVE-2016-3768",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3768"
},
{
"name": "CVE-2014-9787",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9787"
},
{
"name": "CVE-2016-2108",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
},
{
"name": "CVE-2016-3754",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3754"
},
{
"name": "CVE-2016-3815",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3815"
},
{
"name": "CVE-2016-3806",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3806"
},
{
"name": "CVE-2014-9782",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9782"
},
{
"name": "CVE-2016-3753",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3753"
},
{
"name": "CVE-2016-2503",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2503"
},
{
"name": "CVE-2016-3775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3775"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-227",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android (Nexus)\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android (Nexus)",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 06 juillet 2016",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
CERTFR-2016-AVI-227
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Google Android (Nexus). Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité du 6 juillet 2016
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eGoogle Android (Nexus) toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 6 juillet 2016\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-8890",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8890"
},
{
"name": "CVE-2014-9803",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9803"
},
{
"name": "CVE-2016-3801",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3801"
},
{
"name": "CVE-2016-2507",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2507"
},
{
"name": "CVE-2016-0723",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0723"
},
{
"name": "CVE-2016-3773",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3773"
},
{
"name": "CVE-2016-3747",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3747"
},
{
"name": "CVE-2014-9795",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9795"
},
{
"name": "CVE-2016-3799",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3799"
},
{
"name": "CVE-2016-3742",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3742"
},
{
"name": "CVE-2016-3802",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3802"
},
{
"name": "CVE-2014-9794",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9794"
},
{
"name": "CVE-2016-3796",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3796"
},
{
"name": "CVE-2016-3745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3745"
},
{
"name": "CVE-2016-3770",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3770"
},
{
"name": "CVE-2016-3763",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3763"
},
{
"name": "CVE-2016-3805",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3805"
},
{
"name": "CVE-2016-3760",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3760"
},
{
"name": "CVE-2015-8893",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8893"
},
{
"name": "CVE-2016-3816",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3816"
},
{
"name": "CVE-2016-2502",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2502"
},
{
"name": "CVE-2014-9786",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9786"
},
{
"name": "CVE-2016-3765",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3765"
},
{
"name": "CVE-2014-9783",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9783"
},
{
"name": "CVE-2014-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9798"
},
{
"name": "CVE-2014-9797",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9797"
},
{
"name": "CVE-2015-8891",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8891"
},
{
"name": "CVE-2014-9792",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9792"
},
{
"name": "CVE-2016-3743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3743"
},
{
"name": "CVE-2016-3758",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3758"
},
{
"name": "CVE-2016-3813",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3813"
},
{
"name": "CVE-2016-3767",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3767"
},
{
"name": "CVE-2016-3750",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3750"
},
{
"name": "CVE-2016-3762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3762"
},
{
"name": "CVE-2014-9802",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9802"
},
{
"name": "CVE-2016-3818",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3818"
},
{
"name": "CVE-2016-3759",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3759"
},
{
"name": "CVE-2016-2506",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2506"
},
{
"name": "CVE-2016-3774",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3774"
},
{
"name": "CVE-2016-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2067"
},
{
"name": "CVE-2016-3800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3800"
},
{
"name": "CVE-2016-3766",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3766"
},
{
"name": "CVE-2016-3808",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3808"
},
{
"name": "CVE-2013-7457",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7457"
},
{
"name": "CVE-2014-9781",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9781"
},
{
"name": "CVE-2014-9778",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9778"
},
{
"name": "CVE-2016-3797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3797"
},
{
"name": "CVE-2014-9789",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9789"
},
{
"name": "CVE-2016-2107",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
},
{
"name": "CVE-2014-9780",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9780"
},
{
"name": "CVE-2016-3807",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3807"
},
{
"name": "CVE-2016-3751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3751"
},
{
"name": "CVE-2016-3812",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3812"
},
{
"name": "CVE-2016-3741",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3741"
},
{
"name": "CVE-2014-9799",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9799"
},
{
"name": "CVE-2016-3749",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3749"
},
{
"name": "CVE-2016-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3772"
},
{
"name": "CVE-2014-9779",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9779"
},
{
"name": "CVE-2016-3756",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3756"
},
{
"name": "CVE-2014-9800",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9800"
},
{
"name": "CVE-2015-8889",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8889"
},
{
"name": "CVE-2014-9790",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9790"
},
{
"name": "CVE-2016-3810",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3810"
},
{
"name": "CVE-2016-3761",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3761"
},
{
"name": "CVE-2015-8888",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8888"
},
{
"name": "CVE-2014-9784",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9784"
},
{
"name": "CVE-2016-3771",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3771"
},
{
"name": "CVE-2014-9791",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9791"
},
{
"name": "CVE-2014-9788",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9788"
},
{
"name": "CVE-2014-9793",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9793"
},
{
"name": "CVE-2016-3804",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3804"
},
{
"name": "CVE-2016-3795",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3795"
},
{
"name": "CVE-2016-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3793"
},
{
"name": "CVE-2016-3814",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3814"
},
{
"name": "CVE-2016-3764",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3764"
},
{
"name": "CVE-2014-9785",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9785"
},
{
"name": "CVE-2016-2501",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2501"
},
{
"name": "CVE-2014-9796",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9796"
},
{
"name": "CVE-2016-2505",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2505"
},
{
"name": "CVE-2014-9777",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9777"
},
{
"name": "CVE-2016-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3803"
},
{
"name": "CVE-2016-3748",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3748"
},
{
"name": "CVE-2016-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2068"
},
{
"name": "CVE-2016-3809",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3809"
},
{
"name": "CVE-2016-3746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3746"
},
{
"name": "CVE-2016-3757",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3757"
},
{
"name": "CVE-2015-8816",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8816"
},
{
"name": "CVE-2016-3798",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3798"
},
{
"name": "CVE-2016-3744",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3744"
},
{
"name": "CVE-2014-9801",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9801"
},
{
"name": "CVE-2016-3769",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3769"
},
{
"name": "CVE-2016-2508",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2508"
},
{
"name": "CVE-2016-3752",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3752"
},
{
"name": "CVE-2016-3792",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3792"
},
{
"name": "CVE-2016-3755",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3755"
},
{
"name": "CVE-2016-3811",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3811"
},
{
"name": "CVE-2015-8892",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8892"
},
{
"name": "CVE-2016-3768",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3768"
},
{
"name": "CVE-2014-9787",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9787"
},
{
"name": "CVE-2016-2108",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
},
{
"name": "CVE-2016-3754",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3754"
},
{
"name": "CVE-2016-3815",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3815"
},
{
"name": "CVE-2016-3806",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3806"
},
{
"name": "CVE-2014-9782",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9782"
},
{
"name": "CVE-2016-3753",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3753"
},
{
"name": "CVE-2016-2503",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2503"
},
{
"name": "CVE-2016-3775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3775"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-227",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android (Nexus)\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android (Nexus)",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 06 juillet 2016",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…