CVE-2016-1621 (GCVE-0-2016-1621)

Vulnerability from cvelistv5 – Published: 2016-03-12 21:00 – Updated: 2024-08-05 23:02

Summary

Severity ?

No CVSS data available.

CWE

Assigner

Chrome

References

URL

Tags

	https://android.googlesource.com/platform/externa…	x_refsource_CONFIRM
	http://source.android.com/security/bulletin/2016-…	x_refsource_CONFIRM
	https://android.googlesource.com/platform/externa…	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201603-09	vendor-advisoryx_refsource_GENTOO
	https://android.googlesource.com/platform/framewo…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/84239	vdb-entryx_refsource_BID
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:02:12.181Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://source.android.com/security/bulletin/2016-03-01.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426"
          },
          {
            "name": "GLSA-201603-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201603-09"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55"
          },
          {
            "name": "84239",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/84239"
          },
          {
            "name": "FEDORA-2016-fae59061fe",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179128.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-01T15:57:02",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://source.android.com/security/bulletin/2016-03-01.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426"
        },
        {
          "name": "GLSA-201603-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201603-09"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55"
        },
        {
          "name": "84239",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/84239"
        },
        {
          "name": "FEDORA-2016-fae59061fe",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179128.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2016-1621",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d",
              "refsource": "CONFIRM",
              "url": "https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d"
            },
            {
              "name": "http://source.android.com/security/bulletin/2016-03-01.html",
              "refsource": "CONFIRM",
              "url": "http://source.android.com/security/bulletin/2016-03-01.html"
            },
            {
              "name": "https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426",
              "refsource": "CONFIRM",
              "url": "https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426"
            },
            {
              "name": "GLSA-201603-09",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201603-09"
            },
            {
              "name": "https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55",
              "refsource": "CONFIRM",
              "url": "https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55"
            },
            {
              "name": "84239",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/84239"
            },
            {
              "name": "FEDORA-2016-fae59061fe",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179128.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2016-1621",
    "datePublished": "2016-03-12T21:00:00",
    "dateReserved": "2016-01-12T00:00:00",
    "dateUpdated": "2024-08-05T23:02:12.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A39C31E3-75C0-4E92-A6B5-7D67B22E3449\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB318EA4-2908-4B91-8DBB-20008FDF528A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F4E46A9-B652-47CE-92E8-01021E57724B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36DD8E3F-6308-4680-B932-4CBD8E58A7FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DA9F0F7-D592-481E-884C-B1A94E702825\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CD857E7-B878-49F9-BDDA-93DDEBB0B42B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A47AB858-36DE-4330-8CAC-1B46C5C8DA80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49413FF7-7910-4F74-B106-C3170612CB2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8882E50-7C49-4A99-91F2-DF979CF8BB2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98C32982-095C-4628-9958-118A3D3A9CAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C4E6353-B77A-464F-B7DE-932704003B33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77125688-2CCA-4990-ABB2-551D47CB0CDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9915371-C730-41F7-B86E-7E4DE0DF5385\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B846C63A-7261-481E-B4A4-0D8C79E0D8A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E70C6D8D-C9C3-4D92-8DFC-71F59E068295\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"691FA41B-C2CE-413F-ABB1-0B22CB322807\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792.\"}, {\"lang\": \"es\", \"value\": \"libvpx en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.x en versiones anteriores a 5.1.1 LMY49H y 6.0 en versiones anteriores a 2016-03-01 permite a atacantes remotos ejecutar c\\u00f3digo arbitrario o provocar una denegaci\\u00f3n de servicio (corrupci\\u00f3n de memoria) a trav\\u00e9s de un archivo multimedia manipulado, relacionado con libwebm/mkvparser.cpp y otros archivos, tambi\\u00e9n conocida como error interno 23452792.\"}]",
      "id": "CVE-2016-1621",
      "lastModified": "2024-11-21T02:46:45.233",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false}]}",
      "published": "2016-03-12T21:59:17.823",
      "references": "[{\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179128.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://source.android.com/security/bulletin/2016-03-01.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.securityfocus.com/bid/84239\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://security.gentoo.org/glsa/201603-09\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179128.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://source.android.com/security/bulletin/2016-03-01.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/84239\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201603-09\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "chrome-cve-admin@google.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-1621\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2016-03-12T21:59:17.823\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792.\"},{\"lang\":\"es\",\"value\":\"libvpx en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.x en versiones anteriores a 5.1.1 LMY49H y 6.0 en versiones anteriores a 2016-03-01 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un archivo multimedia manipulado, relacionado con libwebm/mkvparser.cpp y otros archivos, tambi\u00e9n conocida como error interno 23452792.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A39C31E3-75C0-4E92-A6B5-7D67B22E3449\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB318EA4-2908-4B91-8DBB-20008FDF528A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F4E46A9-B652-47CE-92E8-01021E57724B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36DD8E3F-6308-4680-B932-4CBD8E58A7FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DA9F0F7-D592-481E-884C-B1A94E702825\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CD857E7-B878-49F9-BDDA-93DDEBB0B42B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A47AB858-36DE-4330-8CAC-1B46C5C8DA80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49413FF7-7910-4F74-B106-C3170612CB2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8882E50-7C49-4A99-91F2-DF979CF8BB2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98C32982-095C-4628-9958-118A3D3A9CAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C4E6353-B77A-464F-B7DE-932704003B33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77125688-2CCA-4990-ABB2-551D47CB0CDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9915371-C730-41F7-B86E-7E4DE0DF5385\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B846C63A-7261-481E-B4A4-0D8C79E0D8A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E70C6D8D-C9C3-4D92-8DFC-71F59E068295\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"691FA41B-C2CE-413F-ABB1-0B22CB322807\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179128.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://source.android.com/security/bulletin/2016-03-01.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securityfocus.com/bid/84239\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://security.gentoo.org/glsa/201603-09\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179128.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://source.android.com/security/bulletin/2016-03-01.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/84239\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201603-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2016-1621

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-1621

Aliases

CVE-2016-1621

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1621",
    "description": "libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792.",
    "id": "GSD-2016-1621",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-1621.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1621"
      ],
      "details": "libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792.",
      "id": "GSD-2016-1621",
      "modified": "2023-12-13T01:21:24.426399Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@google.com",
        "ID": "CVE-2016-1621",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d",
            "refsource": "CONFIRM",
            "url": "https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d"
          },
          {
            "name": "http://source.android.com/security/bulletin/2016-03-01.html",
            "refsource": "CONFIRM",
            "url": "http://source.android.com/security/bulletin/2016-03-01.html"
          },
          {
            "name": "https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426",
            "refsource": "CONFIRM",
            "url": "https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426"
          },
          {
            "name": "GLSA-201603-09",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201603-09"
          },
          {
            "name": "https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55",
            "refsource": "CONFIRM",
            "url": "https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55"
          },
          {
            "name": "84239",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/84239"
          },
          {
            "name": "FEDORA-2016-fae59061fe",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179128.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2016-1621"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://source.android.com/security/bulletin/2016-03-01.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://source.android.com/security/bulletin/2016-03-01.html"
            },
            {
              "name": "https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426"
            },
            {
              "name": "https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d"
            },
            {
              "name": "https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55"
            },
            {
              "name": "84239",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/84239"
            },
            {
              "name": "FEDORA-2016-fae59061fe",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179128.html"
            },
            {
              "name": "GLSA-201603-09",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201603-09"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH"
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2016-12-03T03:21Z",
      "publishedDate": "2016-03-12T21:59Z"
    }
  }
}

OPENSUSE-SU-2024:10422-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

libvpx-devel-1.6.0-2.1 on GA media

Notes

Title of the patch

libvpx-devel-1.6.0-2.1 on GA media

Description of the patch

These are all security issues fixed in the libvpx-devel-1.6.0-2.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10422

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libvpx-devel-1.6.0-2.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libvpx-devel-1.6.0-2.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10422",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10422-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-1621 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-1621/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-2464 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-2464/"
      }
    ],
    "title": "libvpx-devel-1.6.0-2.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10422-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvpx-devel-1.6.0-2.1.aarch64",
                "product": {
                  "name": "libvpx-devel-1.6.0-2.1.aarch64",
                  "product_id": "libvpx-devel-1.6.0-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libvpx4-1.6.0-2.1.aarch64",
                "product": {
                  "name": "libvpx4-1.6.0-2.1.aarch64",
                  "product_id": "libvpx4-1.6.0-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libvpx4-32bit-1.6.0-2.1.aarch64",
                "product": {
                  "name": "libvpx4-32bit-1.6.0-2.1.aarch64",
                  "product_id": "libvpx4-32bit-1.6.0-2.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "vpx-tools-1.6.0-2.1.aarch64",
                "product": {
                  "name": "vpx-tools-1.6.0-2.1.aarch64",
                  "product_id": "vpx-tools-1.6.0-2.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvpx-devel-1.6.0-2.1.ppc64le",
                "product": {
                  "name": "libvpx-devel-1.6.0-2.1.ppc64le",
                  "product_id": "libvpx-devel-1.6.0-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libvpx4-1.6.0-2.1.ppc64le",
                "product": {
                  "name": "libvpx4-1.6.0-2.1.ppc64le",
                  "product_id": "libvpx4-1.6.0-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libvpx4-32bit-1.6.0-2.1.ppc64le",
                "product": {
                  "name": "libvpx4-32bit-1.6.0-2.1.ppc64le",
                  "product_id": "libvpx4-32bit-1.6.0-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "vpx-tools-1.6.0-2.1.ppc64le",
                "product": {
                  "name": "vpx-tools-1.6.0-2.1.ppc64le",
                  "product_id": "vpx-tools-1.6.0-2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvpx-devel-1.6.0-2.1.s390x",
                "product": {
                  "name": "libvpx-devel-1.6.0-2.1.s390x",
                  "product_id": "libvpx-devel-1.6.0-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libvpx4-1.6.0-2.1.s390x",
                "product": {
                  "name": "libvpx4-1.6.0-2.1.s390x",
                  "product_id": "libvpx4-1.6.0-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libvpx4-32bit-1.6.0-2.1.s390x",
                "product": {
                  "name": "libvpx4-32bit-1.6.0-2.1.s390x",
                  "product_id": "libvpx4-32bit-1.6.0-2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "vpx-tools-1.6.0-2.1.s390x",
                "product": {
                  "name": "vpx-tools-1.6.0-2.1.s390x",
                  "product_id": "vpx-tools-1.6.0-2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvpx-devel-1.6.0-2.1.x86_64",
                "product": {
                  "name": "libvpx-devel-1.6.0-2.1.x86_64",
                  "product_id": "libvpx-devel-1.6.0-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libvpx4-1.6.0-2.1.x86_64",
                "product": {
                  "name": "libvpx4-1.6.0-2.1.x86_64",
                  "product_id": "libvpx4-1.6.0-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libvpx4-32bit-1.6.0-2.1.x86_64",
                "product": {
                  "name": "libvpx4-32bit-1.6.0-2.1.x86_64",
                  "product_id": "libvpx4-32bit-1.6.0-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "vpx-tools-1.6.0-2.1.x86_64",
                "product": {
                  "name": "vpx-tools-1.6.0-2.1.x86_64",
                  "product_id": "vpx-tools-1.6.0-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx-devel-1.6.0-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.aarch64"
        },
        "product_reference": "libvpx-devel-1.6.0-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx-devel-1.6.0-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.ppc64le"
        },
        "product_reference": "libvpx-devel-1.6.0-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx-devel-1.6.0-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.s390x"
        },
        "product_reference": "libvpx-devel-1.6.0-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx-devel-1.6.0-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.x86_64"
        },
        "product_reference": "libvpx-devel-1.6.0-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx4-1.6.0-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.aarch64"
        },
        "product_reference": "libvpx4-1.6.0-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx4-1.6.0-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.ppc64le"
        },
        "product_reference": "libvpx4-1.6.0-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx4-1.6.0-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.s390x"
        },
        "product_reference": "libvpx4-1.6.0-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx4-1.6.0-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.x86_64"
        },
        "product_reference": "libvpx4-1.6.0-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx4-32bit-1.6.0-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.aarch64"
        },
        "product_reference": "libvpx4-32bit-1.6.0-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx4-32bit-1.6.0-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.ppc64le"
        },
        "product_reference": "libvpx4-32bit-1.6.0-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx4-32bit-1.6.0-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.s390x"
        },
        "product_reference": "libvpx4-32bit-1.6.0-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvpx4-32bit-1.6.0-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.x86_64"
        },
        "product_reference": "libvpx4-32bit-1.6.0-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vpx-tools-1.6.0-2.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.aarch64"
        },
        "product_reference": "vpx-tools-1.6.0-2.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vpx-tools-1.6.0-2.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.ppc64le"
        },
        "product_reference": "vpx-tools-1.6.0-2.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vpx-tools-1.6.0-2.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.s390x"
        },
        "product_reference": "vpx-tools-1.6.0-2.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vpx-tools-1.6.0-2.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.x86_64"
        },
        "product_reference": "vpx-tools-1.6.0-2.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-1621",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-1621"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.aarch64",
          "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.ppc64le",
          "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.s390x",
          "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.x86_64",
          "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.aarch64",
          "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.ppc64le",
          "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.s390x",
          "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.x86_64",
          "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.aarch64",
          "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.ppc64le",
          "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.s390x",
          "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.x86_64",
          "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.aarch64",
          "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.ppc64le",
          "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.s390x",
          "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-1621",
          "url": "https://www.suse.com/security/cve/CVE-2016-1621"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 972021 for CVE-2016-1621",
          "url": "https://bugzilla.suse.com/972021"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.aarch64",
            "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.ppc64le",
            "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.s390x",
            "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.x86_64",
            "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.aarch64",
            "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.ppc64le",
            "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.s390x",
            "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.x86_64",
            "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.aarch64",
            "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.ppc64le",
            "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.s390x",
            "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.x86_64",
            "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.aarch64",
            "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.ppc64le",
            "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.s390x",
            "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.aarch64",
            "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.ppc64le",
            "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.s390x",
            "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.x86_64",
            "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.aarch64",
            "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.ppc64le",
            "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.s390x",
            "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.x86_64",
            "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.aarch64",
            "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.ppc64le",
            "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.s390x",
            "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.x86_64",
            "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.aarch64",
            "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.ppc64le",
            "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.s390x",
            "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2016-1621"
    },
    {
      "cve": "CVE-2016-2464",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-2464"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file, aka internal bug 23167726.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.aarch64",
          "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.ppc64le",
          "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.s390x",
          "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.x86_64",
          "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.aarch64",
          "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.ppc64le",
          "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.s390x",
          "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.x86_64",
          "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.aarch64",
          "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.ppc64le",
          "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.s390x",
          "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.x86_64",
          "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.aarch64",
          "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.ppc64le",
          "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.s390x",
          "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-2464",
          "url": "https://www.suse.com/security/cve/CVE-2016-2464"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 984448 for CVE-2016-2464",
          "url": "https://bugzilla.suse.com/984448"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.aarch64",
            "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.ppc64le",
            "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.s390x",
            "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.x86_64",
            "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.aarch64",
            "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.ppc64le",
            "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.s390x",
            "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.x86_64",
            "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.aarch64",
            "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.ppc64le",
            "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.s390x",
            "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.x86_64",
            "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.aarch64",
            "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.ppc64le",
            "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.s390x",
            "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.aarch64",
            "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.ppc64le",
            "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.s390x",
            "openSUSE Tumbleweed:libvpx-devel-1.6.0-2.1.x86_64",
            "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.aarch64",
            "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.ppc64le",
            "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.s390x",
            "openSUSE Tumbleweed:libvpx4-1.6.0-2.1.x86_64",
            "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.aarch64",
            "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.ppc64le",
            "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.s390x",
            "openSUSE Tumbleweed:libvpx4-32bit-1.6.0-2.1.x86_64",
            "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.aarch64",
            "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.ppc64le",
            "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.s390x",
            "openSUSE Tumbleweed:vpx-tools-1.6.0-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-2464"
    }
  ]
}

CERTFR-2016-AVI-083

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Google Android (Nexus). Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Android	Google Android (Nexus) Marshmallow versions n'intégrant pas le correctif de sécurité du 1 mars 2016
	Google	Android	Google Android (Nexus) versions antérieures à LMY49H

References

Title

Publication Time

Tags

Bulletin de sécurité Nexus 2016-03-01 du 07 mars 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Google Android (Nexus) Marshmallow versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 1 mars 2016",
      "product": {
        "name": "Android",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    },
    {
      "description": "Google Android (Nexus) versions ant\u00e9rieures \u00e0 LMY49H",
      "product": {
        "name": "Android",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-0832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0832"
    },
    {
      "name": "CVE-2016-0822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0822"
    },
    {
      "name": "CVE-2016-0829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0829"
    },
    {
      "name": "CVE-2016-0728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0728"
    },
    {
      "name": "CVE-2016-0825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0825"
    },
    {
      "name": "CVE-2016-0818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0818"
    },
    {
      "name": "CVE-2016-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0830"
    },
    {
      "name": "CVE-2016-0828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0828"
    },
    {
      "name": "CVE-2016-0816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0816"
    },
    {
      "name": "CVE-2016-0815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0815"
    },
    {
      "name": "CVE-2016-0821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0821"
    },
    {
      "name": "CVE-2016-0827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0827"
    },
    {
      "name": "CVE-2016-1621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1621"
    },
    {
      "name": "CVE-2016-0823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0823"
    },
    {
      "name": "CVE-2016-0824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0824"
    },
    {
      "name": "CVE-2016-0819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0819"
    },
    {
      "name": "CVE-2016-0831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0831"
    },
    {
      "name": "CVE-2016-0826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0826"
    },
    {
      "name": "CVE-2016-0820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0820"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-083",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-03-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android (Nexus)\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android (Nexus)",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Nexus 2016-03-01 du 07 mars 2016",
      "url": "https://source.android.com/security/bulletin/2016-03-01.html"
    }
  ]
}

CERTFR-2016-AVI-083

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Android	Google Android (Nexus) Marshmallow versions n'intégrant pas le correctif de sécurité du 1 mars 2016
	Google	Android	Google Android (Nexus) versions antérieures à LMY49H

References

Title

Publication Time

Tags

Bulletin de sécurité Nexus 2016-03-01 du 07 mars 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Google Android (Nexus) Marshmallow versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 1 mars 2016",
      "product": {
        "name": "Android",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    },
    {
      "description": "Google Android (Nexus) versions ant\u00e9rieures \u00e0 LMY49H",
      "product": {
        "name": "Android",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-0832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0832"
    },
    {
      "name": "CVE-2016-0822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0822"
    },
    {
      "name": "CVE-2016-0829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0829"
    },
    {
      "name": "CVE-2016-0728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0728"
    },
    {
      "name": "CVE-2016-0825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0825"
    },
    {
      "name": "CVE-2016-0818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0818"
    },
    {
      "name": "CVE-2016-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0830"
    },
    {
      "name": "CVE-2016-0828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0828"
    },
    {
      "name": "CVE-2016-0816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0816"
    },
    {
      "name": "CVE-2016-0815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0815"
    },
    {
      "name": "CVE-2016-0821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0821"
    },
    {
      "name": "CVE-2016-0827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0827"
    },
    {
      "name": "CVE-2016-1621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1621"
    },
    {
      "name": "CVE-2016-0823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0823"
    },
    {
      "name": "CVE-2016-0824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0824"
    },
    {
      "name": "CVE-2016-0819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0819"
    },
    {
      "name": "CVE-2016-0831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0831"
    },
    {
      "name": "CVE-2016-0826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0826"
    },
    {
      "name": "CVE-2016-0820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0820"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-083",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-03-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android (Nexus)\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android (Nexus)",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Nexus 2016-03-01 du 07 mars 2016",
      "url": "https://source.android.com/security/bulletin/2016-03-01.html"
    }
  ]
}

GHSA-PJPG-8WJW-XMV3

Vulnerability from github – Published: 2022-05-17 03:31 – Updated: 2022-05-17 03:31

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1621"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-03-12T21:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792.",
  "id": "GHSA-pjpg-8wjw-xmv3",
  "modified": "2022-05-17T03:31:52Z",
  "published": "2022-05-17T03:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1621"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201603-09"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179128.html"
    },
    {
      "type": "WEB",
      "url": "http://source.android.com/security/bulletin/2016-03-01.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/84239"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201603-0118

Vulnerability from variot - Updated: 2023-12-18 11:36

libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792. GoogleNexus is a series of smart devices based on the Android operating system developed by Google Inc. of the United States, including mobile phones and tablets. The smart device is powered by Google and licensed to partner hardware vendors for manufacturing. A security vulnerability exists in mediaservers prior to GoogleNexusBuildsLMY49H. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201603-09

                                       https://security.gentoo.org/

Severity: Normal Title: Chromium: Multiple vulnerabilities Date: March 12, 2016 Bugs: #555640, #559384, #561448, #563098, #565510, #567308, #567870, #568396, #572542, #574416, #575434, #576354, #576858 ID: 201603-09

Synopsis

Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code.

Background

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 www-client/chromium < 49.0.2623.87 >= 49.0.2623.87

Description

Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All Chromium users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-49.0.2623.87"

References

[ 1 ] CVE-2015-1270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1270 [ 2 ] CVE-2015-1271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1271 [ 3 ] CVE-2015-1272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1272 [ 4 ] CVE-2015-1273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1273 [ 5 ] CVE-2015-1274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1274 [ 6 ] CVE-2015-1275 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1275 [ 7 ] CVE-2015-1276 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1276 [ 8 ] CVE-2015-1277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1277 [ 9 ] CVE-2015-1278 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1278 [ 10 ] CVE-2015-1279 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1279 [ 11 ] CVE-2015-1280 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1280 [ 12 ] CVE-2015-1281 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1281 [ 13 ] CVE-2015-1282 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1282 [ 14 ] CVE-2015-1283 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1283 [ 15 ] CVE-2015-1284 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1284 [ 16 ] CVE-2015-1285 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1285 [ 17 ] CVE-2015-1286 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1286 [ 18 ] CVE-2015-1287 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1287 [ 19 ] CVE-2015-1288 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1288 [ 20 ] CVE-2015-1289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1289 [ 21 ] CVE-2015-1291 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1291 [ 22 ] CVE-2015-1292 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1292 [ 23 ] CVE-2015-1293 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1293 [ 24 ] CVE-2015-1294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1294 [ 25 ] CVE-2015-1295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1295 [ 26 ] CVE-2015-1296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1296 [ 27 ] CVE-2015-1297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1297 [ 28 ] CVE-2015-1298 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1298 [ 29 ] CVE-2015-1299 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1299 [ 30 ] CVE-2015-1300 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1300 [ 31 ] CVE-2015-1302 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1302 [ 32 ] CVE-2015-1303 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1303 [ 33 ] CVE-2015-1304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1304 [ 34 ] CVE-2015-6755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6755 [ 35 ] CVE-2015-6756 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6756 [ 36 ] CVE-2015-6757 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6757 [ 37 ] CVE-2015-6758 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6758 [ 38 ] CVE-2015-6759 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6759 [ 39 ] CVE-2015-6760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6760 [ 40 ] CVE-2015-6761 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6761 [ 41 ] CVE-2015-6762 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6762 [ 42 ] CVE-2015-6763 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6763 [ 43 ] CVE-2015-6764 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6764 [ 44 ] CVE-2015-6765 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6765 [ 45 ] CVE-2015-6766 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6766 [ 46 ] CVE-2015-6767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6767 [ 47 ] CVE-2015-6768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6768 [ 48 ] CVE-2015-6769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6769 [ 49 ] CVE-2015-6770 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6770 [ 50 ] CVE-2015-6771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6771 [ 51 ] CVE-2015-6772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6772 [ 52 ] CVE-2015-6773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6773 [ 53 ] CVE-2015-6774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6774 [ 54 ] CVE-2015-6775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6775 [ 55 ] CVE-2015-6776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6776 [ 56 ] CVE-2015-6777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6777 [ 57 ] CVE-2015-6778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6778 [ 58 ] CVE-2015-6779 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6779 [ 59 ] CVE-2015-6780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6780 [ 60 ] CVE-2015-6781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6781 [ 61 ] CVE-2015-6782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6782 [ 62 ] CVE-2015-6783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6783 [ 63 ] CVE-2015-6784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6784 [ 64 ] CVE-2015-6785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6785 [ 65 ] CVE-2015-6786 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6786 [ 66 ] CVE-2015-6787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6787 [ 67 ] CVE-2015-6788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6788 [ 68 ] CVE-2015-6789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6789 [ 69 ] CVE-2015-6790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6790 [ 70 ] CVE-2015-6791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6791 [ 71 ] CVE-2015-6792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6792 [ 72 ] CVE-2015-8126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8126 [ 73 ] CVE-2016-1612 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1612 [ 74 ] CVE-2016-1613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1613 [ 75 ] CVE-2016-1614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1614 [ 76 ] CVE-2016-1615 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1615 [ 77 ] CVE-2016-1616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1616 [ 78 ] CVE-2016-1617 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1617 [ 79 ] CVE-2016-1618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1618 [ 80 ] CVE-2016-1619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1619 [ 81 ] CVE-2016-1620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1620 [ 82 ] CVE-2016-1621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1621 [ 83 ] CVE-2016-1622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1622 [ 84 ] CVE-2016-1623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1623 [ 85 ] CVE-2016-1624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1624 [ 86 ] CVE-2016-1625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1625 [ 87 ] CVE-2016-1626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1626 [ 88 ] CVE-2016-1627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1627 [ 89 ] CVE-2016-1628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1628 [ 90 ] CVE-2016-1629 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1629 [ 91 ] CVE-2016-1630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1630 [ 92 ] CVE-2016-1631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1631 [ 93 ] CVE-2016-1632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1632 [ 94 ] CVE-2016-1633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1633 [ 95 ] CVE-2016-1634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1634 [ 96 ] CVE-2016-1635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1635 [ 97 ] CVE-2016-1636 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1636 [ 98 ] CVE-2016-1637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1637 [ 99 ] CVE-2016-1638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1638 [ 100 ] CVE-2016-1639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1639 [ 101 ] CVE-2016-1640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1640 [ 102 ] CVE-2016-1641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1641

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201603-09

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201603-0118",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "google",
        "version": "4.4.3"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "google",
        "version": "5.1.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "google",
        "version": "6.0.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "google",
        "version": "5.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "google",
        "version": "5.1.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "google",
        "version": "5.0.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "google",
        "version": "6.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "google",
        "version": "5.0.2"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "google",
        "version": "4.4.2"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "google",
        "version": "5.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.4.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.0.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.3.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.3"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.0.2"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.1.2"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.0.4"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.2"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.0.3"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.2.1"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.2.2"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.4"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "google",
        "version": "4.0"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "google",
        "version": "5.1.1 lmy49h"
      },
      {
        "model": "android",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "google",
        "version": "5.x"
      },
      {
        "model": "android",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "google",
        "version": "2016-03-01 earlier  6.x"
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "google",
        "version": "4.4.4"
      },
      {
        "model": "android",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "google",
        "version": "4.x"
      },
      {
        "model": "nexus lmy49h",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "google",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01543"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001810"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-092"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1621"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gentoo",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "136204"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2016-1621",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2016-1621",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-01543",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-1621",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-1621",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-01543",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201603-092",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-1621",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01543"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1621"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001810"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-092"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792. GoogleNexus is a series of smart devices based on the Android operating system developed by Google Inc. of the United States, including mobile phones and tablets. The smart device is powered by Google and licensed to partner hardware vendors for manufacturing. A security vulnerability exists in mediaservers prior to GoogleNexusBuildsLMY49H. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201603-09\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Chromium: Multiple vulnerabilities\n     Date: March 12, 2016\n     Bugs: #555640, #559384, #561448, #563098, #565510, #567308,\n           #567870, #568396, #572542, #574416, #575434, #576354, #576858\n       ID: 201603-09\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Chromium web browser,\nthe worst of which allows remote attackers to execute arbitrary code. \n\nBackground\n==========\n\nChromium is an open-source browser project that aims to build a safer,\nfaster, and more stable way for all users to experience the web. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  www-client/chromium       \u003c 49.0.2623.87         \u003e= 49.0.2623.87\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in the Chromium web\nbrowser. Please review the CVE identifiers referenced below for\ndetails. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Chromium users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot -v \"\u003e=www-client/chromium-49.0.2623.87\"\n\nReferences\n==========\n\n[   1 ] CVE-2015-1270\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1270\n[   2 ] CVE-2015-1271\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1271\n[   3 ] CVE-2015-1272\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1272\n[   4 ] CVE-2015-1273\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1273\n[   5 ] CVE-2015-1274\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1274\n[   6 ] CVE-2015-1275\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1275\n[   7 ] CVE-2015-1276\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1276\n[   8 ] CVE-2015-1277\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1277\n[   9 ] CVE-2015-1278\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1278\n[  10 ] CVE-2015-1279\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1279\n[  11 ] CVE-2015-1280\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1280\n[  12 ] CVE-2015-1281\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1281\n[  13 ] CVE-2015-1282\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1282\n[  14 ] CVE-2015-1283\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1283\n[  15 ] CVE-2015-1284\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1284\n[  16 ] CVE-2015-1285\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1285\n[  17 ] CVE-2015-1286\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1286\n[  18 ] CVE-2015-1287\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1287\n[  19 ] CVE-2015-1288\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1288\n[  20 ] CVE-2015-1289\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1289\n[  21 ] CVE-2015-1291\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1291\n[  22 ] CVE-2015-1292\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1292\n[  23 ] CVE-2015-1293\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1293\n[  24 ] CVE-2015-1294\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1294\n[  25 ] CVE-2015-1295\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1295\n[  26 ] CVE-2015-1296\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1296\n[  27 ] CVE-2015-1297\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1297\n[  28 ] CVE-2015-1298\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1298\n[  29 ] CVE-2015-1299\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1299\n[  30 ] CVE-2015-1300\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1300\n[  31 ] CVE-2015-1302\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1302\n[  32 ] CVE-2015-1303\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1303\n[  33 ] CVE-2015-1304\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1304\n[  34 ] CVE-2015-6755\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6755\n[  35 ] CVE-2015-6756\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6756\n[  36 ] CVE-2015-6757\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6757\n[  37 ] CVE-2015-6758\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6758\n[  38 ] CVE-2015-6759\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6759\n[  39 ] CVE-2015-6760\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6760\n[  40 ] CVE-2015-6761\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6761\n[  41 ] CVE-2015-6762\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6762\n[  42 ] CVE-2015-6763\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6763\n[  43 ] CVE-2015-6764\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6764\n[  44 ] CVE-2015-6765\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6765\n[  45 ] CVE-2015-6766\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6766\n[  46 ] CVE-2015-6767\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6767\n[  47 ] CVE-2015-6768\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6768\n[  48 ] CVE-2015-6769\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6769\n[  49 ] CVE-2015-6770\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6770\n[  50 ] CVE-2015-6771\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6771\n[  51 ] CVE-2015-6772\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6772\n[  52 ] CVE-2015-6773\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6773\n[  53 ] CVE-2015-6774\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6774\n[  54 ] CVE-2015-6775\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6775\n[  55 ] CVE-2015-6776\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6776\n[  56 ] CVE-2015-6777\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6777\n[  57 ] CVE-2015-6778\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6778\n[  58 ] CVE-2015-6779\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6779\n[  59 ] CVE-2015-6780\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6780\n[  60 ] CVE-2015-6781\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6781\n[  61 ] CVE-2015-6782\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6782\n[  62 ] CVE-2015-6783\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6783\n[  63 ] CVE-2015-6784\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6784\n[  64 ] CVE-2015-6785\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6785\n[  65 ] CVE-2015-6786\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6786\n[  66 ] CVE-2015-6787\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6787\n[  67 ] CVE-2015-6788\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6788\n[  68 ] CVE-2015-6789\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6789\n[  69 ] CVE-2015-6790\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6790\n[  70 ] CVE-2015-6791\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6791\n[  71 ] CVE-2015-6792\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6792\n[  72 ] CVE-2015-8126\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8126\n[  73 ] CVE-2016-1612\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1612\n[  74 ] CVE-2016-1613\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1613\n[  75 ] CVE-2016-1614\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1614\n[  76 ] CVE-2016-1615\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1615\n[  77 ] CVE-2016-1616\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1616\n[  78 ] CVE-2016-1617\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1617\n[  79 ] CVE-2016-1618\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1618\n[  80 ] CVE-2016-1619\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1619\n[  81 ] CVE-2016-1620\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1620\n[  82 ] CVE-2016-1621\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1621\n[  83 ] CVE-2016-1622\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1622\n[  84 ] CVE-2016-1623\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1623\n[  85 ] CVE-2016-1624\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1624\n[  86 ] CVE-2016-1625\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1625\n[  87 ] CVE-2016-1626\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1626\n[  88 ] CVE-2016-1627\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1627\n[  89 ] CVE-2016-1628\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1628\n[  90 ] CVE-2016-1629\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1629\n[  91 ] CVE-2016-1630\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1630\n[  92 ] CVE-2016-1631\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1631\n[  93 ] CVE-2016-1632\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1632\n[  94 ] CVE-2016-1633\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1633\n[  95 ] CVE-2016-1634\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1634\n[  96 ] CVE-2016-1635\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1635\n[  97 ] CVE-2016-1636\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1636\n[  98 ] CVE-2016-1637\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1637\n[  99 ] CVE-2016-1638\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1638\n[ 100 ] CVE-2016-1639\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1639\n[ 101 ] CVE-2016-1640\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1640\n[ 102 ] CVE-2016-1641\n        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1641\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-09\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1621"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001810"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-01543"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1621"
      },
      {
        "db": "PACKETSTORM",
        "id": "136204"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1621",
        "trust": 3.2
      },
      {
        "db": "SECUNIA",
        "id": "69391",
        "trust": 1.2
      },
      {
        "db": "BID",
        "id": "84239",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001810",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-01543",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-092",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1621",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136204",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01543"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1621"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001810"
      },
      {
        "db": "PACKETSTORM",
        "id": "136204"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-092"
      }
    ]
  },
  "id": "VAR-201603-0118",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01543"
      }
    ],
    "trust": 0.7106929
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01543"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:36:18.068000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DO NOT MERGE - Remove deprecated image defines",
        "trust": 0.8,
        "url": "https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55"
      },
      {
        "title": "libwebm: Pull from upstream",
        "trust": 0.8,
        "url": "https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d"
      },
      {
        "title": "Merge Conflict Fix CL to lmp-mr1-release for ag/849478",
        "trust": 0.8,
        "url": "https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426"
      },
      {
        "title": "Nexus Security Bulletin - March 2016",
        "trust": 0.8,
        "url": "http://source.android.com/security/bulletin/2016-03-01.html"
      },
      {
        "title": "GoogleNexusmediaserver memory corruption vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/72457"
      },
      {
        "title": "Android mediaserver Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60452"
      },
      {
        "title": "Red Hat: CVE-2016-1621",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-1621"
      },
      {
        "title": "Android Security Bulletins: Nexus Security Bulletin - March 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=bdec4bc902496de72a50f4fbaa9a726a"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/google-fixes-critical-android-mediaserver-bugs-again/116614/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01543"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1621"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001810"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-092"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001810"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1621"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://source.android.com/security/bulletin/2016-03-01.html"
      },
      {
        "trust": 1.7,
        "url": "https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426"
      },
      {
        "trust": 1.7,
        "url": "https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d"
      },
      {
        "trust": 1.7,
        "url": "https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55"
      },
      {
        "trust": 1.2,
        "url": "http://secunia.com/advisories/69391"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/84239"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/201603-09"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-march/179128.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1621"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1621"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1621"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/google-fixes-critical-android-mediaserver-bugs-again/116614/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1625"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1276"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1295"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6768"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1273"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1641"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6792"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6761"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1617"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1278"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1293"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6764"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1285"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1296"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6791"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1274"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6786"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1296"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1288"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1619"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6776"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1613"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6773"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1297"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1615"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1282"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1287"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1284"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6771"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1636"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1621"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1294"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1639"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1278"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1298"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1299"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6781"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1279"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1289"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1272"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6762"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6789"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6763"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6758"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1297"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1635"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1618"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8126"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1280"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1632"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1622"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1624"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1281"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1270"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1637"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1277"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1289"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1291"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1283"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1295"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1279"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1287"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1304"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1292"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1620"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1271"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1293"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6757"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6770"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1623"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6774"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1294"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1614"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6783"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1280"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6787"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6790"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1281"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6766"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1612"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1640"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1303"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6765"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1284"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6785"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6756"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1634"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6760"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1633"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1626"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6782"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6767"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6780"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1288"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1302"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1628"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6788"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1292"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1275"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1627"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6775"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1272"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1616"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1629"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6778"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6784"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6769"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1277"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1300"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6772"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1275"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1273"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6759"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6777"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1638"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1285"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1286"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1631"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1298"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6755"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1283"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1282"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1271"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1270"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1276"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1630"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1274"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6779"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01543"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1621"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001810"
      },
      {
        "db": "PACKETSTORM",
        "id": "136204"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-092"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01543"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1621"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001810"
      },
      {
        "db": "PACKETSTORM",
        "id": "136204"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-092"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-03-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-01543"
      },
      {
        "date": "2016-03-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-1621"
      },
      {
        "date": "2016-03-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001810"
      },
      {
        "date": "2016-03-14T14:51:21",
        "db": "PACKETSTORM",
        "id": "136204"
      },
      {
        "date": "2016-03-12T21:59:17.823000",
        "db": "NVD",
        "id": "CVE-2016-1621"
      },
      {
        "date": "2016-03-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201603-092"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-03-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-01543"
      },
      {
        "date": "2016-12-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-1621"
      },
      {
        "date": "2016-03-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001810"
      },
      {
        "date": "2023-11-07T02:30:09.060000",
        "db": "NVD",
        "id": "CVE-2016-1621"
      },
      {
        "date": "2016-03-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201603-092"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "136204"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-092"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Android Media server  libvpx Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001810"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-092"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2016-1621

Vulnerability from fkie_nvd - Published: 2016-03-12 21:59 - Updated: 2025-04-12 10:46

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	chrome-cve-admin@google.com	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179128.html
	chrome-cve-admin@google.com	http://source.android.com/security/bulletin/2016-03-01.html
	chrome-cve-admin@google.com	http://www.securityfocus.com/bid/84239
	chrome-cve-admin@google.com	https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d
	chrome-cve-admin@google.com	https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426
	chrome-cve-admin@google.com	https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55
	chrome-cve-admin@google.com	https://security.gentoo.org/glsa/201603-09
	af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179128.html
	af854a3a-2127-422b-91ae-364da2661108	http://source.android.com/security/bulletin/2016-03-01.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/84239
	af854a3a-2127-422b-91ae-364da2661108	https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d
	af854a3a-2127-422b-91ae-364da2661108	https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426
	af854a3a-2127-422b-91ae-364da2661108	https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55
	af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201603-09

Impacted products

Vendor	Product	Version
google	android	4.0
google	android	4.0.1
google	android	4.0.2
google	android	4.0.3
google	android	4.0.4
google	android	4.1
google	android	4.1.2
google	android	4.2
google	android	4.2.1
google	android	4.2.2
google	android	4.3
google	android	4.3.1
google	android	4.4
google	android	4.4.1
google	android	4.4.2
google	android	4.4.3
google	android	5.0
google	android	5.0.1
google	android	5.0.2
google	android	5.1
google	android	5.1.0
google	android	5.1.1
google	android	6.0
google	android	6.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A39C31E3-75C0-4E92-A6B5-7D67B22E3449",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB318EA4-2908-4B91-8DBB-20008FDF528A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F4E46A9-B652-47CE-92E8-01021E57724B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DD8E3F-6308-4680-B932-4CBD8E58A7FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA9F0F7-D592-481E-884C-B1A94E702825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CD857E7-B878-49F9-BDDA-93DDEBB0B42B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A47AB858-36DE-4330-8CAC-1B46C5C8DA80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "49413FF7-7910-4F74-B106-C3170612CB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8882E50-7C49-4A99-91F2-DF979CF8BB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "98C32982-095C-4628-9958-118A3D3A9CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C4E6353-B77A-464F-B7DE-932704003B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77125688-2CCA-4990-ABB2-551D47CB0CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9915371-C730-41F7-B86E-7E4DE0DF5385",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7A8EC00-266C-409B-AD43-18E8DFCD6FE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B846C63A-7261-481E-B4A4-0D8C79E0D8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D94CDD-DE7B-444E-A3AE-AE9C9A779374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792."
    },
    {
      "lang": "es",
      "value": "libvpx en mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.x en versiones anteriores a 5.1.1 LMY49H y 6.0 en versiones anteriores a 2016-03-01 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un archivo multimedia manipulado, relacionado con libwebm/mkvparser.cpp y otros archivos, tambi\u00e9n conocida como error interno 23452792."
    }
  ],
  "id": "CVE-2016-1621",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-03-12T21:59:17.823",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179128.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://source.android.com/security/bulletin/2016-03-01.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.securityfocus.com/bid/84239"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://security.gentoo.org/glsa/201603-09"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179128.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://source.android.com/security/bulletin/2016-03-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/84239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201603-09"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2016-01543

Vulnerability from cnvd - Published: 2016-03-10

Title

Google Nexus mediaserver内存破坏漏洞

Description

Google Nexus是美国谷歌（Google）公司研发的基于Android操作系统的系列智能设备，包含有手机、平板电脑。该智能设备由Google提供技术并授权合作硬件厂商进行生产制造。 Google Nexus Builds LMY49H之前版本的mediaserver存在安全漏洞。远程攻击者可通过特制的文件利用该漏洞执行任意代码，或造成拒绝服务（内存破坏）。

Severity

高

Patch Name

Google Nexus mediaserver内存破坏漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://source.android.com/security/bulletin/2016-03-01.html

Reference

http://source.android.com/security/bulletin/2016-03-01.html http://secunia.com/advisories/69391

Impacted products

Name
Google Nexus < LMY49H

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1621"
    }
  },
  "description": "Google Nexus\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7814\u53d1\u7684\u57fa\u4e8eAndroid\u64cd\u4f5c\u7cfb\u7edf\u7684\u7cfb\u5217\u667a\u80fd\u8bbe\u5907\uff0c\u5305\u542b\u6709\u624b\u673a\u3001\u5e73\u677f\u7535\u8111\u3002\u8be5\u667a\u80fd\u8bbe\u5907\u7531Google\u63d0\u4f9b\u6280\u672f\u5e76\u6388\u6743\u5408\u4f5c\u786c\u4ef6\u5382\u5546\u8fdb\u884c\u751f\u4ea7\u5236\u9020\u3002\r\n\r\nGoogle Nexus Builds LMY49H\u4e4b\u524d\u7248\u672c\u7684mediaserver\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u7834\u574f\uff09\u3002",
  "discovererName": "Google",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://source.android.com/security/bulletin/2016-03-01.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-01543",
  "openTime": "2016-03-10",
  "patchDescription": "Google Nexus\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7814\u53d1\u7684\u57fa\u4e8eAndroid\u64cd\u4f5c\u7cfb\u7edf\u7684\u7cfb\u5217\u667a\u80fd\u8bbe\u5907\uff0c\u5305\u542b\u6709\u624b\u673a\u3001\u5e73\u677f\u7535\u8111\u3002\u8be5\u667a\u80fd\u8bbe\u5907\u7531Google\u63d0\u4f9b\u6280\u672f\u5e76\u6388\u6743\u5408\u4f5c\u786c\u4ef6\u5382\u5546\u8fdb\u884c\u751f\u4ea7\u5236\u9020\u3002\r\n\r\nGoogle Nexus Builds LMY49H\u4e4b\u524d\u7248\u672c\u7684mediaserver\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u7834\u574f\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Nexus mediaserver\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Google Nexus \u003c LMY49H"
  },
  "referenceLink": "http://source.android.com/security/bulletin/2016-03-01.html\r\nhttp://secunia.com/advisories/69391",
  "serverity": "\u9ad8",
  "submitTime": "2016-03-09",
  "title": "Google Nexus mediaserver\u5185\u5b58\u7834\u574f\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-1621 (GCVE-0-2016-1621)

Solution

Solution

Synopsis

Background

Affected packages

Description

Workaround

Resolution

References

Availability

Concerns?

License

Tags

Sightings

Nomenclature