cvelistv5 - cve-2016-3751

CVE-2016-3751 (GCVE-0-2016-3751)

Vulnerability from cvelistv5 – Published: 2016-07-11 01:00 – Updated: 2024-08-06 00:03

Summary

Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.

Severity ?

No CVSS data available.

CWE

Assigner

google_android

References

URL

Tags

	https://android.googlesource.com/platform/externa…
	http://www.openwall.com/lists/oss-security/2016/07/09/4	mailing-list
	http://source.android.com/security/bulletin/2016-…
	https://security.netapp.com/advisory/ntap-2024071…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:03:34.421Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
          },
          {
            "name": "[oss-security] 20160709 Re: On anonymous CVE assignments",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://source.android.com/security/bulletin/2016-07-01.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240719-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-19T13:06:15.775280",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
        },
        {
          "name": "[oss-security] 20160709 Re: On anonymous CVE assignments",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
        },
        {
          "url": "http://source.android.com/security/bulletin/2016-07-01.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240719-0004/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2016-3751",
    "datePublished": "2016-07-11T01:00:00",
    "dateReserved": "2016-03-30T00:00:00",
    "dateUpdated": "2024-08-06T00:03:34.421Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.6.19\", \"matchCriteriaId\": \"0F63D199-D477-4807-8A4E-A30C55D1FC48\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A39C31E3-75C0-4E92-A6B5-7D67B22E3449\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB318EA4-2908-4B91-8DBB-20008FDF528A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F4E46A9-B652-47CE-92E8-01021E57724B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36DD8E3F-6308-4680-B932-4CBD8E58A7FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DA9F0F7-D592-481E-884C-B1A94E702825\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CD857E7-B878-49F9-BDDA-93DDEBB0B42B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A47AB858-36DE-4330-8CAC-1B46C5C8DA80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49413FF7-7910-4F74-B106-C3170612CB2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8882E50-7C49-4A99-91F2-DF979CF8BB2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98C32982-095C-4628-9958-118A3D3A9CAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C4E6353-B77A-464F-B7DE-932704003B33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77125688-2CCA-4990-ABB2-551D47CB0CDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B846C63A-7261-481E-B4A4-0D8C79E0D8A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E70C6D8D-C9C3-4D92-8DFC-71F59E068295\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"691FA41B-C2CE-413F-ABB1-0B22CB322807\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en libpng en versiones anteriores a 1.6.20, como es usado en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-07-01, permite a atacantes obtener privilegios a trav\\u00e9s de una aplicaci\\u00f3n manipulada, seg\\u00fan lo demostrado por la obtenci\\u00f3n de acceso Signature o SignatureOrSystem, tambi\\u00e9n conocido como error interno 23265085.\"}]",
      "id": "CVE-2016-3751",
      "lastModified": "2024-11-21T02:50:38.157",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-07-11T01:59:51.870",
      "references": "[{\"url\": \"http://source.android.com/security/bulletin/2016-07-01.html\", \"source\": \"security@android.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2016/07/09/4\", \"source\": \"security@android.com\"}, {\"url\": \"https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca\", \"source\": \"security@android.com\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240719-0004/\", \"source\": \"security@android.com\"}, {\"url\": \"http://source.android.com/security/bulletin/2016-07-01.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2016/07/09/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240719-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@android.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-3751\",\"sourceIdentifier\":\"security@android.com\",\"published\":\"2016-07-11T01:59:51.870\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en libpng en versiones anteriores a 1.6.20, como es usado en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-07-01, permite a atacantes obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada, seg\u00fan lo demostrado por la obtenci\u00f3n de acceso Signature o SignatureOrSystem, tambi\u00e9n conocido como error interno 23265085.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.6.19\",\"matchCriteriaId\":\"0F63D199-D477-4807-8A4E-A30C55D1FC48\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A39C31E3-75C0-4E92-A6B5-7D67B22E3449\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB318EA4-2908-4B91-8DBB-20008FDF528A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F4E46A9-B652-47CE-92E8-01021E57724B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36DD8E3F-6308-4680-B932-4CBD8E58A7FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DA9F0F7-D592-481E-884C-B1A94E702825\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CD857E7-B878-49F9-BDDA-93DDEBB0B42B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A47AB858-36DE-4330-8CAC-1B46C5C8DA80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49413FF7-7910-4F74-B106-C3170612CB2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8882E50-7C49-4A99-91F2-DF979CF8BB2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98C32982-095C-4628-9958-118A3D3A9CAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C4E6353-B77A-464F-B7DE-932704003B33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77125688-2CCA-4990-ABB2-551D47CB0CDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B846C63A-7261-481E-B4A4-0D8C79E0D8A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E70C6D8D-C9C3-4D92-8DFC-71F59E068295\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"691FA41B-C2CE-413F-ABB1-0B22CB322807\"}]}]}],\"references\":[{\"url\":\"http://source.android.com/security/bulletin/2016-07-01.html\",\"source\":\"security@android.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/07/09/4\",\"source\":\"security@android.com\"},{\"url\":\"https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca\",\"source\":\"security@android.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240719-0004/\",\"source\":\"security@android.com\"},{\"url\":\"http://source.android.com/security/bulletin/2016-07-01.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/07/09/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240719-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2016-AVI-227

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Google Android (Nexus). Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité du 6 juillet 2016

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Android du 06 juillet 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eGoogle Android (Nexus) toutes versions n\u0027int\u00e9grant pas le  correctif de s\u00e9curit\u00e9 du 6 juillet 2016\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-8890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8890"
    },
    {
      "name": "CVE-2014-9803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9803"
    },
    {
      "name": "CVE-2016-3801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3801"
    },
    {
      "name": "CVE-2016-2507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2507"
    },
    {
      "name": "CVE-2016-0723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0723"
    },
    {
      "name": "CVE-2016-3773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3773"
    },
    {
      "name": "CVE-2016-3747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3747"
    },
    {
      "name": "CVE-2014-9795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9795"
    },
    {
      "name": "CVE-2016-3799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3799"
    },
    {
      "name": "CVE-2016-3742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3742"
    },
    {
      "name": "CVE-2016-3802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3802"
    },
    {
      "name": "CVE-2014-9794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9794"
    },
    {
      "name": "CVE-2016-3796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3796"
    },
    {
      "name": "CVE-2016-3745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3745"
    },
    {
      "name": "CVE-2016-3770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3770"
    },
    {
      "name": "CVE-2016-3763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3763"
    },
    {
      "name": "CVE-2016-3805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3805"
    },
    {
      "name": "CVE-2016-3760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3760"
    },
    {
      "name": "CVE-2015-8893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8893"
    },
    {
      "name": "CVE-2016-3816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3816"
    },
    {
      "name": "CVE-2016-2502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2502"
    },
    {
      "name": "CVE-2014-9786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9786"
    },
    {
      "name": "CVE-2016-3765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3765"
    },
    {
      "name": "CVE-2014-9783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9783"
    },
    {
      "name": "CVE-2014-9798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9798"
    },
    {
      "name": "CVE-2014-9797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9797"
    },
    {
      "name": "CVE-2015-8891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8891"
    },
    {
      "name": "CVE-2014-9792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9792"
    },
    {
      "name": "CVE-2016-3743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3743"
    },
    {
      "name": "CVE-2016-3758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3758"
    },
    {
      "name": "CVE-2016-3813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3813"
    },
    {
      "name": "CVE-2016-3767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3767"
    },
    {
      "name": "CVE-2016-3750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3750"
    },
    {
      "name": "CVE-2016-3762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3762"
    },
    {
      "name": "CVE-2014-9802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9802"
    },
    {
      "name": "CVE-2016-3818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3818"
    },
    {
      "name": "CVE-2016-3759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3759"
    },
    {
      "name": "CVE-2016-2506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2506"
    },
    {
      "name": "CVE-2016-3774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3774"
    },
    {
      "name": "CVE-2016-2067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2067"
    },
    {
      "name": "CVE-2016-3800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3800"
    },
    {
      "name": "CVE-2016-3766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3766"
    },
    {
      "name": "CVE-2016-3808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3808"
    },
    {
      "name": "CVE-2013-7457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7457"
    },
    {
      "name": "CVE-2014-9781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9781"
    },
    {
      "name": "CVE-2014-9778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9778"
    },
    {
      "name": "CVE-2016-3797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3797"
    },
    {
      "name": "CVE-2014-9789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9789"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2014-9780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9780"
    },
    {
      "name": "CVE-2016-3807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3807"
    },
    {
      "name": "CVE-2016-3751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3751"
    },
    {
      "name": "CVE-2016-3812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3812"
    },
    {
      "name": "CVE-2016-3741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3741"
    },
    {
      "name": "CVE-2014-9799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9799"
    },
    {
      "name": "CVE-2016-3749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3749"
    },
    {
      "name": "CVE-2016-3772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3772"
    },
    {
      "name": "CVE-2014-9779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9779"
    },
    {
      "name": "CVE-2016-3756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3756"
    },
    {
      "name": "CVE-2014-9800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9800"
    },
    {
      "name": "CVE-2015-8889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8889"
    },
    {
      "name": "CVE-2014-9790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9790"
    },
    {
      "name": "CVE-2016-3810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3810"
    },
    {
      "name": "CVE-2016-3761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3761"
    },
    {
      "name": "CVE-2015-8888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8888"
    },
    {
      "name": "CVE-2014-9784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9784"
    },
    {
      "name": "CVE-2016-3771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3771"
    },
    {
      "name": "CVE-2014-9791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9791"
    },
    {
      "name": "CVE-2014-9788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9788"
    },
    {
      "name": "CVE-2014-9793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9793"
    },
    {
      "name": "CVE-2016-3804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3804"
    },
    {
      "name": "CVE-2016-3795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3795"
    },
    {
      "name": "CVE-2016-3793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3793"
    },
    {
      "name": "CVE-2016-3814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3814"
    },
    {
      "name": "CVE-2016-3764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3764"
    },
    {
      "name": "CVE-2014-9785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9785"
    },
    {
      "name": "CVE-2016-2501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2501"
    },
    {
      "name": "CVE-2014-9796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9796"
    },
    {
      "name": "CVE-2016-2505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2505"
    },
    {
      "name": "CVE-2014-9777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9777"
    },
    {
      "name": "CVE-2016-3803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3803"
    },
    {
      "name": "CVE-2016-3748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3748"
    },
    {
      "name": "CVE-2016-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2068"
    },
    {
      "name": "CVE-2016-3809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3809"
    },
    {
      "name": "CVE-2016-3746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3746"
    },
    {
      "name": "CVE-2016-3757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3757"
    },
    {
      "name": "CVE-2015-8816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8816"
    },
    {
      "name": "CVE-2016-3798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3798"
    },
    {
      "name": "CVE-2016-3744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3744"
    },
    {
      "name": "CVE-2014-9801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9801"
    },
    {
      "name": "CVE-2016-3769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3769"
    },
    {
      "name": "CVE-2016-2508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2508"
    },
    {
      "name": "CVE-2016-3752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3752"
    },
    {
      "name": "CVE-2016-3792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3792"
    },
    {
      "name": "CVE-2016-3755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3755"
    },
    {
      "name": "CVE-2016-3811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3811"
    },
    {
      "name": "CVE-2015-8892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8892"
    },
    {
      "name": "CVE-2016-3768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3768"
    },
    {
      "name": "CVE-2014-9787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9787"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2016-3754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3754"
    },
    {
      "name": "CVE-2016-3815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3815"
    },
    {
      "name": "CVE-2016-3806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3806"
    },
    {
      "name": "CVE-2014-9782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9782"
    },
    {
      "name": "CVE-2016-3753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3753"
    },
    {
      "name": "CVE-2016-2503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2503"
    },
    {
      "name": "CVE-2016-3775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3775"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-227",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-07-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android (Nexus)\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android (Nexus)",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Android du 06 juillet 2016",
      "url": "http://source.android.com/security/bulletin/2016-07-01.html"
    }
  ]
}

CERTFR-2016-AVI-227

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité du 6 juillet 2016

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Android du 06 juillet 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eGoogle Android (Nexus) toutes versions n\u0027int\u00e9grant pas le  correctif de s\u00e9curit\u00e9 du 6 juillet 2016\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-8890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8890"
    },
    {
      "name": "CVE-2014-9803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9803"
    },
    {
      "name": "CVE-2016-3801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3801"
    },
    {
      "name": "CVE-2016-2507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2507"
    },
    {
      "name": "CVE-2016-0723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0723"
    },
    {
      "name": "CVE-2016-3773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3773"
    },
    {
      "name": "CVE-2016-3747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3747"
    },
    {
      "name": "CVE-2014-9795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9795"
    },
    {
      "name": "CVE-2016-3799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3799"
    },
    {
      "name": "CVE-2016-3742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3742"
    },
    {
      "name": "CVE-2016-3802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3802"
    },
    {
      "name": "CVE-2014-9794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9794"
    },
    {
      "name": "CVE-2016-3796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3796"
    },
    {
      "name": "CVE-2016-3745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3745"
    },
    {
      "name": "CVE-2016-3770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3770"
    },
    {
      "name": "CVE-2016-3763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3763"
    },
    {
      "name": "CVE-2016-3805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3805"
    },
    {
      "name": "CVE-2016-3760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3760"
    },
    {
      "name": "CVE-2015-8893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8893"
    },
    {
      "name": "CVE-2016-3816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3816"
    },
    {
      "name": "CVE-2016-2502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2502"
    },
    {
      "name": "CVE-2014-9786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9786"
    },
    {
      "name": "CVE-2016-3765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3765"
    },
    {
      "name": "CVE-2014-9783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9783"
    },
    {
      "name": "CVE-2014-9798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9798"
    },
    {
      "name": "CVE-2014-9797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9797"
    },
    {
      "name": "CVE-2015-8891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8891"
    },
    {
      "name": "CVE-2014-9792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9792"
    },
    {
      "name": "CVE-2016-3743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3743"
    },
    {
      "name": "CVE-2016-3758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3758"
    },
    {
      "name": "CVE-2016-3813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3813"
    },
    {
      "name": "CVE-2016-3767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3767"
    },
    {
      "name": "CVE-2016-3750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3750"
    },
    {
      "name": "CVE-2016-3762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3762"
    },
    {
      "name": "CVE-2014-9802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9802"
    },
    {
      "name": "CVE-2016-3818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3818"
    },
    {
      "name": "CVE-2016-3759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3759"
    },
    {
      "name": "CVE-2016-2506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2506"
    },
    {
      "name": "CVE-2016-3774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3774"
    },
    {
      "name": "CVE-2016-2067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2067"
    },
    {
      "name": "CVE-2016-3800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3800"
    },
    {
      "name": "CVE-2016-3766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3766"
    },
    {
      "name": "CVE-2016-3808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3808"
    },
    {
      "name": "CVE-2013-7457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7457"
    },
    {
      "name": "CVE-2014-9781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9781"
    },
    {
      "name": "CVE-2014-9778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9778"
    },
    {
      "name": "CVE-2016-3797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3797"
    },
    {
      "name": "CVE-2014-9789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9789"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2014-9780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9780"
    },
    {
      "name": "CVE-2016-3807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3807"
    },
    {
      "name": "CVE-2016-3751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3751"
    },
    {
      "name": "CVE-2016-3812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3812"
    },
    {
      "name": "CVE-2016-3741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3741"
    },
    {
      "name": "CVE-2014-9799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9799"
    },
    {
      "name": "CVE-2016-3749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3749"
    },
    {
      "name": "CVE-2016-3772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3772"
    },
    {
      "name": "CVE-2014-9779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9779"
    },
    {
      "name": "CVE-2016-3756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3756"
    },
    {
      "name": "CVE-2014-9800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9800"
    },
    {
      "name": "CVE-2015-8889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8889"
    },
    {
      "name": "CVE-2014-9790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9790"
    },
    {
      "name": "CVE-2016-3810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3810"
    },
    {
      "name": "CVE-2016-3761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3761"
    },
    {
      "name": "CVE-2015-8888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8888"
    },
    {
      "name": "CVE-2014-9784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9784"
    },
    {
      "name": "CVE-2016-3771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3771"
    },
    {
      "name": "CVE-2014-9791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9791"
    },
    {
      "name": "CVE-2014-9788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9788"
    },
    {
      "name": "CVE-2014-9793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9793"
    },
    {
      "name": "CVE-2016-3804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3804"
    },
    {
      "name": "CVE-2016-3795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3795"
    },
    {
      "name": "CVE-2016-3793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3793"
    },
    {
      "name": "CVE-2016-3814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3814"
    },
    {
      "name": "CVE-2016-3764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3764"
    },
    {
      "name": "CVE-2014-9785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9785"
    },
    {
      "name": "CVE-2016-2501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2501"
    },
    {
      "name": "CVE-2014-9796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9796"
    },
    {
      "name": "CVE-2016-2505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2505"
    },
    {
      "name": "CVE-2014-9777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9777"
    },
    {
      "name": "CVE-2016-3803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3803"
    },
    {
      "name": "CVE-2016-3748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3748"
    },
    {
      "name": "CVE-2016-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2068"
    },
    {
      "name": "CVE-2016-3809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3809"
    },
    {
      "name": "CVE-2016-3746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3746"
    },
    {
      "name": "CVE-2016-3757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3757"
    },
    {
      "name": "CVE-2015-8816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8816"
    },
    {
      "name": "CVE-2016-3798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3798"
    },
    {
      "name": "CVE-2016-3744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3744"
    },
    {
      "name": "CVE-2014-9801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9801"
    },
    {
      "name": "CVE-2016-3769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3769"
    },
    {
      "name": "CVE-2016-2508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2508"
    },
    {
      "name": "CVE-2016-3752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3752"
    },
    {
      "name": "CVE-2016-3792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3792"
    },
    {
      "name": "CVE-2016-3755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3755"
    },
    {
      "name": "CVE-2016-3811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3811"
    },
    {
      "name": "CVE-2015-8892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8892"
    },
    {
      "name": "CVE-2016-3768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3768"
    },
    {
      "name": "CVE-2014-9787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9787"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2016-3754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3754"
    },
    {
      "name": "CVE-2016-3815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3815"
    },
    {
      "name": "CVE-2016-3806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3806"
    },
    {
      "name": "CVE-2014-9782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9782"
    },
    {
      "name": "CVE-2016-3753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3753"
    },
    {
      "name": "CVE-2016-2503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2503"
    },
    {
      "name": "CVE-2016-3775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3775"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-227",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-07-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android (Nexus)\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android (Nexus)",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Android du 06 juillet 2016",
      "url": "http://source.android.com/security/bulletin/2016-07-01.html"
    }
  ]
}

GHSA-38FG-RH2C-FH5C

Vulnerability from github – Published: 2022-05-17 03:51 – Updated: 2024-07-19 15:31

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-3751"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-07-11T01:59:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.",
  "id": "GHSA-38fg-rh2c-fh5c",
  "modified": "2024-07-19T15:31:45Z",
  "published": "2022-05-17T03:51:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3751"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240719-0004"
    },
    {
      "type": "WEB",
      "url": "http://source.android.com/security/bulletin/2016-07-01.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2016-3751

Vulnerability from fkie_nvd - Published: 2016-07-11 01:59 - Updated: 2025-04-12 10:46

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@android.com	http://source.android.com/security/bulletin/2016-07-01.html	Vendor Advisory
security@android.com	http://www.openwall.com/lists/oss-security/2016/07/09/4
security@android.com	https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca
security@android.com	https://security.netapp.com/advisory/ntap-20240719-0004/
af854a3a-2127-422b-91ae-364da2661108	http://source.android.com/security/bulletin/2016-07-01.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2016/07/09/4
af854a3a-2127-422b-91ae-364da2661108	https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240719-0004/

Impacted products

Vendor	Product	Version
libpng	libpng	*
google	android	4.0
google	android	4.0.1
google	android	4.0.2
google	android	4.0.3
google	android	4.0.4
google	android	4.1
google	android	4.1.2
google	android	4.2
google	android	4.2.1
google	android	4.2.2
google	android	4.3
google	android	4.3.1
google	android	4.4
google	android	4.4.1
google	android	4.4.2
google	android	4.4.3
google	android	5.0
google	android	5.0.1
google	android	5.1
google	android	5.1.0
google	android	6.0
google	android	6.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F63D199-D477-4807-8A4E-A30C55D1FC48",
              "versionEndIncluding": "1.6.19",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A39C31E3-75C0-4E92-A6B5-7D67B22E3449",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB318EA4-2908-4B91-8DBB-20008FDF528A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F4E46A9-B652-47CE-92E8-01021E57724B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DD8E3F-6308-4680-B932-4CBD8E58A7FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA9F0F7-D592-481E-884C-B1A94E702825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CD857E7-B878-49F9-BDDA-93DDEBB0B42B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A47AB858-36DE-4330-8CAC-1B46C5C8DA80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "49413FF7-7910-4F74-B106-C3170612CB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8882E50-7C49-4A99-91F2-DF979CF8BB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "98C32982-095C-4628-9958-118A3D3A9CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C4E6353-B77A-464F-B7DE-932704003B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77125688-2CCA-4990-ABB2-551D47CB0CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7A8EC00-266C-409B-AD43-18E8DFCD6FE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B846C63A-7261-481E-B4A4-0D8C79E0D8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en libpng en versiones anteriores a 1.6.20, como es usado en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-07-01, permite a atacantes obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada, seg\u00fan lo demostrado por la obtenci\u00f3n de acceso Signature o SignatureOrSystem, tambi\u00e9n conocido como error interno 23265085."
    }
  ],
  "id": "CVE-2016-3751",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-11T01:59:51.870",
  "references": [
    {
      "source": "security@android.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://source.android.com/security/bulletin/2016-07-01.html"
    },
    {
      "source": "security@android.com",
      "url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
    },
    {
      "source": "security@android.com",
      "url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
    },
    {
      "source": "security@android.com",
      "url": "https://security.netapp.com/advisory/ntap-20240719-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://source.android.com/security/bulletin/2016-07-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240719-0004/"
    }
  ],
  "sourceIdentifier": "security@android.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2016-3751

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-3751

Aliases

CVE-2016-3751

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-3751",
    "description": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.",
    "id": "GSD-2016-3751"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-3751"
      ],
      "details": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.",
      "id": "GSD-2016-3751",
      "modified": "2023-12-13T01:21:27.843994Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@android.com",
        "ID": "CVE-2016-3751",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca",
            "refsource": "CONFIRM",
            "url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
          },
          {
            "name": "[oss-security] 20160709 Re: On anonymous CVE assignments",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
          },
          {
            "name": "http://source.android.com/security/bulletin/2016-07-01.html",
            "refsource": "CONFIRM",
            "url": "http://source.android.com/security/bulletin/2016-07-01.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,1.6.19]",
          "affected_versions": "All versions up to 1.6.19",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2016-07-11",
          "description": "Unspecified vulnerability in libpng, as used in Android , allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug ",
          "fixed_versions": [
            "1.6.19.1"
          ],
          "identifier": "CVE-2016-3751",
          "identifiers": [
            "CVE-2016-3751"
          ],
          "not_impacted": "All versions after 1.6.19",
          "package_slug": "nuget/libpng",
          "pubdate": "2016-07-11",
          "solution": "Upgrade to version 1.6.19.1 or above.",
          "title": "Privilege Escalation",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2016-3751",
            "http://source.android.com/security/bulletin/2016-07-01.html",
            "http://www.openwall.com/lists/oss-security/2016/07/09/4"
          ],
          "uuid": "a0b1a494-10b6-4f39-8e0f-bf057532b2af"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.6.19",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2016-3751"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://source.android.com/security/bulletin/2016-07-01.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://source.android.com/security/bulletin/2016-07-01.html"
            },
            {
              "name": "[oss-security] 20160709 Re: On anonymous CVE assignments",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
            },
            {
              "name": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2016-07-11T17:52Z",
      "publishedDate": "2016-07-11T01:59Z"
    }
  }
}

CNVD-2016-04677

Vulnerability from cnvd - Published: 2016-07-12

Title

Android libpng权限提升漏洞

Description

Android是美国谷歌（Google）公司和开放手持设备联盟（简称OHA）共同开发的一套以Linux为基础的开源操作系统。libpng是其中的一个可对PNG图形文件实现创建、读写等操作的PNG参考库组件。 Android的libpng中存在提权漏洞。攻击者可借助特制的应用程序利用该漏洞以提升的权限执行任意代码。

Severity

高

Patch Name

Android libpng权限提升漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://source.android.com/security/bulletin/2016-07-01.html

Reference

https://source.android.com/security/bulletin/2016-07-01.html

Impacted products

Name
['Google Android Android 4.，<4.4.4', 'Google Android Android 5.0.，<5.0.2', 'Google Android Android 5.1.，<5.1.1', 'Google Android Android 6.，2016-07-01']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-3751"
    }
  },
  "description": "Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002libpng\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u53ef\u5bf9PNG\u56fe\u5f62\u6587\u4ef6\u5b9e\u73b0\u521b\u5efa\u3001\u8bfb\u5199\u7b49\u64cd\u4f5c\u7684PNG\u53c2\u8003\u5e93\u7ec4\u4ef6\u3002\r\n\r\nAndroid\u7684libpng\u4e2d\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Matt Sarett",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://source.android.com/security/bulletin/2016-07-01.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-04677",
  "openTime": "2016-07-12",
  "patchDescription": "Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002libpng\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u53ef\u5bf9PNG\u56fe\u5f62\u6587\u4ef6\u5b9e\u73b0\u521b\u5efa\u3001\u8bfb\u5199\u7b49\u64cd\u4f5c\u7684PNG\u53c2\u8003\u5e93\u7ec4\u4ef6\u3002\r\n\r\nAndroid\u7684libpng\u4e2d\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Android libpng\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Google Android Android 4.*\uff0c\u003c4.4.4",
      "Google Android Android 5.0.*\uff0c\u003c5.0.2",
      "Google Android Android 5.1.*\uff0c\u003c5.1.1",
      "Google Android Android 6.*\uff0c2016-07-01"
    ]
  },
  "referenceLink": "https://source.android.com/security/bulletin/2016-07-01.html",
  "serverity": "\u9ad8",
  "submitTime": "2016-07-09",
  "title": "Android libpng\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-3751 (GCVE-0-2016-3751)

CERTFR-2016-AVI-227

Solution

CERTFR-2016-AVI-227

Solution

GHSA-38FG-RH2C-FH5C

FKIE_CVE-2016-3751

GSD-2016-3751

CNVD-2016-04677

Tags

Sightings

Nomenclature