cvelistv5 - cve-2016-6702

CVE-2016-6702 (GCVE-0-2016-6702)

Vulnerability from cvelistv5 – Published: 2016-11-25 16:00 – Updated: 2024-08-06 01:36

Summary

A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087.

Severity ?

No CVSS data available.

CWE

Remote code execution

Assigner

google_android

References

URL

Tags

	https://source.android.com/security/bulletin/2016…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/94160	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Google Inc.	Android	Affected: Android-4.4.4 Affected: Android-5.0.2 Affected: Android-5.1.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:36:29.563Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2016-11-01.html"
          },
          {
            "name": "94160",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94160"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Android",
          "vendor": "Google Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Android-4.4.4"
            },
            {
              "status": "affected",
              "version": "Android-5.0.2"
            },
            {
              "status": "affected",
              "version": "Android-5.1.1"
            }
          ]
        }
      ],
      "datePublic": "2016-11-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://source.android.com/security/bulletin/2016-11-01.html"
        },
        {
          "name": "94160",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94160"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2016-6702",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Android-4.4.4"
                          },
                          {
                            "version_value": "Android-5.0.2"
                          },
                          {
                            "version_value": "Android-5.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.android.com/security/bulletin/2016-11-01.html",
              "refsource": "CONFIRM",
              "url": "https://source.android.com/security/bulletin/2016-11-01.html"
            },
            {
              "name": "94160",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94160"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2016-6702",
    "datePublished": "2016-11-25T16:00:00",
    "dateReserved": "2016-08-11T00:00:00",
    "dateUpdated": "2024-08-06T01:36:29.563Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A39C31E3-75C0-4E92-A6B5-7D67B22E3449\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB318EA4-2908-4B91-8DBB-20008FDF528A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F4E46A9-B652-47CE-92E8-01021E57724B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36DD8E3F-6308-4680-B932-4CBD8E58A7FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DA9F0F7-D592-481E-884C-B1A94E702825\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CD857E7-B878-49F9-BDDA-93DDEBB0B42B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A47AB858-36DE-4330-8CAC-1B46C5C8DA80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49413FF7-7910-4F74-B106-C3170612CB2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8882E50-7C49-4A99-91F2-DF979CF8BB2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98C32982-095C-4628-9958-118A3D3A9CAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C4E6353-B77A-464F-B7DE-932704003B33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77125688-2CCA-4990-ABB2-551D47CB0CDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B846C63A-7261-481E-B4A4-0D8C79E0D8A7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de ejecuci\\u00f3n remota de c\\u00f3digo en libjpeg en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2 y 5.1.x en versiones anteriores a 5.1.1 podr\\u00eda habilitar a un atacante que utiliza un archivo especialmente manipulado a ejecutar c\\u00f3digo arbitrario en el contexto de un proceso no privilegiado. Este problema est\\u00e1 clasificado como High debido a la posibilidad de ejecuci\\u00f3n remota de c\\u00f3digo en una aplicaci\\u00f3n que utiliza libjpeg. Android ID: A-30259087.\"}]",
      "id": "CVE-2016-6702",
      "lastModified": "2024-11-21T02:56:39.797",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2016-11-25T16:59:07.983",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/94160\", \"source\": \"security@android.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://source.android.com/security/bulletin/2016-11-01.html\", \"source\": \"security@android.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/94160\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://source.android.com/security/bulletin/2016-11-01.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@android.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-6702\",\"sourceIdentifier\":\"security@android.com\",\"published\":\"2016-11-25T16:59:07.983\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en libjpeg en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2 y 5.1.x en versiones anteriores a 5.1.1 podr\u00eda habilitar a un atacante que utiliza un archivo especialmente manipulado a ejecutar c\u00f3digo arbitrario en el contexto de un proceso no privilegiado. Este problema est\u00e1 clasificado como High debido a la posibilidad de ejecuci\u00f3n remota de c\u00f3digo en una aplicaci\u00f3n que utiliza libjpeg. Android ID: A-30259087.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A39C31E3-75C0-4E92-A6B5-7D67B22E3449\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB318EA4-2908-4B91-8DBB-20008FDF528A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F4E46A9-B652-47CE-92E8-01021E57724B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36DD8E3F-6308-4680-B932-4CBD8E58A7FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DA9F0F7-D592-481E-884C-B1A94E702825\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CD857E7-B878-49F9-BDDA-93DDEBB0B42B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A47AB858-36DE-4330-8CAC-1B46C5C8DA80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49413FF7-7910-4F74-B106-C3170612CB2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8882E50-7C49-4A99-91F2-DF979CF8BB2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98C32982-095C-4628-9958-118A3D3A9CAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C4E6353-B77A-464F-B7DE-932704003B33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77125688-2CCA-4990-ABB2-551D47CB0CDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B846C63A-7261-481E-B4A4-0D8C79E0D8A7\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/94160\",\"source\":\"security@android.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://source.android.com/security/bulletin/2016-11-01.html\",\"source\":\"security@android.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94160\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://source.android.com/security/bulletin/2016-11-01.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2016-6702

Vulnerability from fkie_nvd - Published: 2016-11-25 16:59 - Updated: 2025-04-12 10:46

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@android.com	http://www.securityfocus.com/bid/94160	Third Party Advisory, VDB Entry
security@android.com	https://source.android.com/security/bulletin/2016-11-01.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94160	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://source.android.com/security/bulletin/2016-11-01.html	Vendor Advisory

Impacted products

Vendor	Product	Version
google	android	4.0
google	android	4.0.1
google	android	4.0.2
google	android	4.0.3
google	android	4.0.4
google	android	4.1
google	android	4.1.2
google	android	4.2
google	android	4.2.1
google	android	4.2.2
google	android	4.3
google	android	4.3.1
google	android	4.4
google	android	4.4.1
google	android	4.4.2
google	android	4.4.3
google	android	5.0
google	android	5.0.1
google	android	5.1
google	android	5.1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A39C31E3-75C0-4E92-A6B5-7D67B22E3449",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB318EA4-2908-4B91-8DBB-20008FDF528A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F4E46A9-B652-47CE-92E8-01021E57724B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DD8E3F-6308-4680-B932-4CBD8E58A7FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA9F0F7-D592-481E-884C-B1A94E702825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CD857E7-B878-49F9-BDDA-93DDEBB0B42B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A47AB858-36DE-4330-8CAC-1B46C5C8DA80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "49413FF7-7910-4F74-B106-C3170612CB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8882E50-7C49-4A99-91F2-DF979CF8BB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "98C32982-095C-4628-9958-118A3D3A9CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C4E6353-B77A-464F-B7DE-932704003B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77125688-2CCA-4990-ABB2-551D47CB0CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7A8EC00-266C-409B-AD43-18E8DFCD6FE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B846C63A-7261-481E-B4A4-0D8C79E0D8A7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en libjpeg en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2 y 5.1.x en versiones anteriores a 5.1.1 podr\u00eda habilitar a un atacante que utiliza un archivo especialmente manipulado a ejecutar c\u00f3digo arbitrario en el contexto de un proceso no privilegiado. Este problema est\u00e1 clasificado como High debido a la posibilidad de ejecuci\u00f3n remota de c\u00f3digo en una aplicaci\u00f3n que utiliza libjpeg. Android ID: A-30259087."
    }
  ],
  "id": "CVE-2016-6702",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-11-25T16:59:07.983",
  "references": [
    {
      "source": "security@android.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94160"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://source.android.com/security/bulletin/2016-11-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://source.android.com/security/bulletin/2016-11-01.html"
    }
  ],
  "sourceIdentifier": "security@android.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-G9HH-J62Q-7JRM

Vulnerability from github – Published: 2022-05-17 03:28 – Updated: 2022-05-17 03:28

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6702"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-11-25T16:59:00Z",
    "severity": "HIGH"
  },
  "details": "A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087.",
  "id": "GHSA-g9hh-j62q-7jrm",
  "modified": "2022-05-17T03:28:59Z",
  "published": "2022-05-17T03:28:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6702"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2016-11-01.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94160"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-6702

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-6702

Aliases

CVE-2016-6702

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6702",
    "description": "A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087.",
    "id": "GSD-2016-6702"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6702"
      ],
      "details": "A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087.",
      "id": "GSD-2016-6702",
      "modified": "2023-12-13T01:21:23.426925Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@android.com",
        "ID": "CVE-2016-6702",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Android",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Android-4.4.4"
                        },
                        {
                          "version_value": "Android-5.0.2"
                        },
                        {
                          "version_value": "Android-5.1.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Google Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://source.android.com/security/bulletin/2016-11-01.html",
            "refsource": "CONFIRM",
            "url": "https://source.android.com/security/bulletin/2016-11-01.html"
          },
          {
            "name": "94160",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94160"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2016-6702"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.android.com/security/bulletin/2016-11-01.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://source.android.com/security/bulletin/2016-11-01.html"
            },
            {
              "name": "94160",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/94160"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2016-12-06T15:09Z",
      "publishedDate": "2016-11-25T16:59Z"
    }
  }
}

CERTFR-2016-AVI-370

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Google Android (Nexus). Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité du 7 novembre 2016

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Google du 07 novembre 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eGoogle Android (Nexus) toutes versions n\u0027int\u00e9grant pas le  correctif de s\u00e9curit\u00e9 du 7 novembre 2016\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-6718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6718"
    },
    {
      "name": "CVE-2014-9908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9908"
    },
    {
      "name": "CVE-2016-7916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7916"
    },
    {
      "name": "CVE-2016-6732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6732"
    },
    {
      "name": "CVE-2016-6719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6719"
    },
    {
      "name": "CVE-2016-6739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6739"
    },
    {
      "name": "CVE-2016-7914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7914"
    },
    {
      "name": "CVE-2016-6136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6136"
    },
    {
      "name": "CVE-2016-7917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7917"
    },
    {
      "name": "CVE-2016-7913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7913"
    },
    {
      "name": "CVE-2015-0410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0410"
    },
    {
      "name": "CVE-2016-6728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6728"
    },
    {
      "name": "CVE-2016-6730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6730"
    },
    {
      "name": "CVE-2016-6751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6751"
    },
    {
      "name": "CVE-2016-6714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6714"
    },
    {
      "name": "CVE-2016-6707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6707"
    },
    {
      "name": "CVE-2016-7912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7912"
    },
    {
      "name": "CVE-2015-1283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
    },
    {
      "name": "CVE-2015-8961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8961"
    },
    {
      "name": "CVE-2016-6709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6709"
    },
    {
      "name": "CVE-2016-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
    },
    {
      "name": "CVE-2016-6727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6727"
    },
    {
      "name": "CVE-2016-6704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6704"
    },
    {
      "name": "CVE-2016-5300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
    },
    {
      "name": "CVE-2016-6702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6702"
    },
    {
      "name": "CVE-2016-6729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6729"
    },
    {
      "name": "CVE-2016-6715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6715"
    },
    {
      "name": "CVE-2016-6735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6735"
    },
    {
      "name": "CVE-2016-7915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7915"
    },
    {
      "name": "CVE-2016-6698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6698"
    },
    {
      "name": "CVE-2012-6702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6702"
    },
    {
      "name": "CVE-2016-3906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3906"
    },
    {
      "name": "CVE-2016-6706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6706"
    },
    {
      "name": "CVE-2016-6717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6717"
    },
    {
      "name": "CVE-2015-8963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8963"
    },
    {
      "name": "CVE-2016-6725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6725"
    },
    {
      "name": "CVE-2016-6700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6700"
    },
    {
      "name": "CVE-2016-6746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6746"
    },
    {
      "name": "CVE-2016-6738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6738"
    },
    {
      "name": "CVE-2016-6740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6740"
    },
    {
      "name": "CVE-2016-6724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6724"
    },
    {
      "name": "CVE-2016-6747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6747"
    },
    {
      "name": "CVE-2016-6744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6744"
    },
    {
      "name": "CVE-2016-6752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6752"
    },
    {
      "name": "CVE-2016-6711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6711"
    },
    {
      "name": "CVE-2016-3907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3907"
    },
    {
      "name": "CVE-2016-6710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6710"
    },
    {
      "name": "CVE-2016-6703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6703"
    },
    {
      "name": "CVE-2016-6754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6754"
    },
    {
      "name": "CVE-2016-6743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6743"
    },
    {
      "name": "CVE-2016-6742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6742"
    },
    {
      "name": "CVE-2016-6749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6749"
    },
    {
      "name": "CVE-2016-6745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6745"
    },
    {
      "name": "CVE-2016-6720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6720"
    },
    {
      "name": "CVE-2016-6722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6722"
    },
    {
      "name": "CVE-2016-6721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6721"
    },
    {
      "name": "CVE-2016-6699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6699"
    },
    {
      "name": "CVE-2016-6733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6733"
    },
    {
      "name": "CVE-2016-6753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6753"
    },
    {
      "name": "CVE-2016-6750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6750"
    },
    {
      "name": "CVE-2016-6723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6723"
    },
    {
      "name": "CVE-2016-5195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5195"
    },
    {
      "name": "CVE-2016-2184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2184"
    },
    {
      "name": "CVE-2015-8962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8962"
    },
    {
      "name": "CVE-2016-7910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7910"
    },
    {
      "name": "CVE-2016-6734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6734"
    },
    {
      "name": "CVE-2016-6741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6741"
    },
    {
      "name": "CVE-2016-7911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7911"
    },
    {
      "name": "CVE-2016-6726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6726"
    },
    {
      "name": "CVE-2016-6737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6737"
    },
    {
      "name": "CVE-2016-6705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6705"
    },
    {
      "name": "CVE-2015-8964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8964"
    },
    {
      "name": "CVE-2016-6708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6708"
    },
    {
      "name": "CVE-2016-6736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6736"
    },
    {
      "name": "CVE-2016-6748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6748"
    },
    {
      "name": "CVE-2016-6828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6828"
    },
    {
      "name": "CVE-2016-6712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6712"
    },
    {
      "name": "CVE-2014-9675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9675"
    },
    {
      "name": "CVE-2016-6716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6716"
    },
    {
      "name": "CVE-2016-6713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6713"
    },
    {
      "name": "CVE-2016-6731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6731"
    },
    {
      "name": "CVE-2016-6701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6701"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-370",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-11-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android (Nexus)\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android (Nexus)",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Google du 07 novembre 2016",
      "url": "https://source.android.com/security/bulletin/2016-11-01.html"
    }
  ]
}

CERTFR-2016-AVI-370

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité du 7 novembre 2016

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Google du 07 novembre 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eGoogle Android (Nexus) toutes versions n\u0027int\u00e9grant pas le  correctif de s\u00e9curit\u00e9 du 7 novembre 2016\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-6718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6718"
    },
    {
      "name": "CVE-2014-9908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9908"
    },
    {
      "name": "CVE-2016-7916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7916"
    },
    {
      "name": "CVE-2016-6732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6732"
    },
    {
      "name": "CVE-2016-6719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6719"
    },
    {
      "name": "CVE-2016-6739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6739"
    },
    {
      "name": "CVE-2016-7914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7914"
    },
    {
      "name": "CVE-2016-6136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6136"
    },
    {
      "name": "CVE-2016-7917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7917"
    },
    {
      "name": "CVE-2016-7913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7913"
    },
    {
      "name": "CVE-2015-0410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0410"
    },
    {
      "name": "CVE-2016-6728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6728"
    },
    {
      "name": "CVE-2016-6730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6730"
    },
    {
      "name": "CVE-2016-6751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6751"
    },
    {
      "name": "CVE-2016-6714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6714"
    },
    {
      "name": "CVE-2016-6707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6707"
    },
    {
      "name": "CVE-2016-7912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7912"
    },
    {
      "name": "CVE-2015-1283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
    },
    {
      "name": "CVE-2015-8961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8961"
    },
    {
      "name": "CVE-2016-6709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6709"
    },
    {
      "name": "CVE-2016-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
    },
    {
      "name": "CVE-2016-6727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6727"
    },
    {
      "name": "CVE-2016-6704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6704"
    },
    {
      "name": "CVE-2016-5300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
    },
    {
      "name": "CVE-2016-6702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6702"
    },
    {
      "name": "CVE-2016-6729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6729"
    },
    {
      "name": "CVE-2016-6715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6715"
    },
    {
      "name": "CVE-2016-6735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6735"
    },
    {
      "name": "CVE-2016-7915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7915"
    },
    {
      "name": "CVE-2016-6698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6698"
    },
    {
      "name": "CVE-2012-6702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6702"
    },
    {
      "name": "CVE-2016-3906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3906"
    },
    {
      "name": "CVE-2016-6706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6706"
    },
    {
      "name": "CVE-2016-6717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6717"
    },
    {
      "name": "CVE-2015-8963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8963"
    },
    {
      "name": "CVE-2016-6725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6725"
    },
    {
      "name": "CVE-2016-6700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6700"
    },
    {
      "name": "CVE-2016-6746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6746"
    },
    {
      "name": "CVE-2016-6738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6738"
    },
    {
      "name": "CVE-2016-6740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6740"
    },
    {
      "name": "CVE-2016-6724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6724"
    },
    {
      "name": "CVE-2016-6747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6747"
    },
    {
      "name": "CVE-2016-6744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6744"
    },
    {
      "name": "CVE-2016-6752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6752"
    },
    {
      "name": "CVE-2016-6711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6711"
    },
    {
      "name": "CVE-2016-3907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3907"
    },
    {
      "name": "CVE-2016-6710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6710"
    },
    {
      "name": "CVE-2016-6703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6703"
    },
    {
      "name": "CVE-2016-6754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6754"
    },
    {
      "name": "CVE-2016-6743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6743"
    },
    {
      "name": "CVE-2016-6742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6742"
    },
    {
      "name": "CVE-2016-6749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6749"
    },
    {
      "name": "CVE-2016-6745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6745"
    },
    {
      "name": "CVE-2016-6720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6720"
    },
    {
      "name": "CVE-2016-6722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6722"
    },
    {
      "name": "CVE-2016-6721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6721"
    },
    {
      "name": "CVE-2016-6699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6699"
    },
    {
      "name": "CVE-2016-6733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6733"
    },
    {
      "name": "CVE-2016-6753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6753"
    },
    {
      "name": "CVE-2016-6750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6750"
    },
    {
      "name": "CVE-2016-6723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6723"
    },
    {
      "name": "CVE-2016-5195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5195"
    },
    {
      "name": "CVE-2016-2184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2184"
    },
    {
      "name": "CVE-2015-8962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8962"
    },
    {
      "name": "CVE-2016-7910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7910"
    },
    {
      "name": "CVE-2016-6734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6734"
    },
    {
      "name": "CVE-2016-6741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6741"
    },
    {
      "name": "CVE-2016-7911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7911"
    },
    {
      "name": "CVE-2016-6726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6726"
    },
    {
      "name": "CVE-2016-6737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6737"
    },
    {
      "name": "CVE-2016-6705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6705"
    },
    {
      "name": "CVE-2015-8964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8964"
    },
    {
      "name": "CVE-2016-6708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6708"
    },
    {
      "name": "CVE-2016-6736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6736"
    },
    {
      "name": "CVE-2016-6748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6748"
    },
    {
      "name": "CVE-2016-6828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6828"
    },
    {
      "name": "CVE-2016-6712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6712"
    },
    {
      "name": "CVE-2014-9675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9675"
    },
    {
      "name": "CVE-2016-6716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6716"
    },
    {
      "name": "CVE-2016-6713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6713"
    },
    {
      "name": "CVE-2016-6731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6731"
    },
    {
      "name": "CVE-2016-6701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6701"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-370",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-11-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android (Nexus)\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android (Nexus)",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Google du 07 novembre 2016",
      "url": "https://source.android.com/security/bulletin/2016-11-01.html"
    }
  ]
}

CNVD-2016-11158

Vulnerability from cnvd - Published: 2016-11-16

Title

Google Android libjpeg远程代码执行漏洞

Description

Android是美国谷歌（Google）公司和开放手持设备联盟（简称OHA）共同开发的一套以Linux为基础的开源操作系统。libjpeg是其中的一个包含JPEG解码、JPEG编码和其他JPEG功能的C语言库。 Android中的libjpeg存在远程远程代码执行漏洞。攻击者借助特制的文件利用该漏洞以提升的权限执行任意代码。

Severity

高

Patch Name

Google Android libjpeg远程代码执行漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://source.android.com/security/bulletin/2016-11-01.html

Reference

http://www.securityfocus.com/bid/94160

Impacted products

Name
['Google Android 4.4.4', 'Google Android 5.0.2', 'Google Android 5.1.1']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94160"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6702"
    }
  },
  "description": "Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002libjpeg\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5305\u542bJPEG\u89e3\u7801\u3001JPEG\u7f16\u7801\u548c\u5176\u4ed6JPEG\u529f\u80fd\u7684C\u8bed\u8a00\u5e93\u3002\r\n\r\nAndroid\u4e2d\u7684libjpeg\u5b58\u5728\u8fdc\u7a0b\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u501f\u52a9\u7279\u5236\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Ao Wang and Zinuo Han of PKAV, Silence Information Technology.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://source.android.com/security/bulletin/2016-11-01.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-11158",
  "openTime": "2016-11-16",
  "patchDescription": "Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002libjpeg\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5305\u542bJPEG\u89e3\u7801\u3001JPEG\u7f16\u7801\u548c\u5176\u4ed6JPEG\u529f\u80fd\u7684C\u8bed\u8a00\u5e93\u3002\r\n\r\nAndroid\u4e2d\u7684libjpeg\u5b58\u5728\u8fdc\u7a0b\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u501f\u52a9\u7279\u5236\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Android libjpeg\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Google Android 4.4.4",
      "Google Android 5.0.2",
      "Google Android  5.1.1"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/94160",
  "serverity": "\u9ad8",
  "submitTime": "2016-11-10",
  "title": "Google Android libjpeg\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-6702 (GCVE-0-2016-6702)

FKIE_CVE-2016-6702

GHSA-G9HH-J62Q-7JRM

GSD-2016-6702

CERTFR-2016-AVI-370

Solution

CERTFR-2016-AVI-370

Solution

CNVD-2016-11158

Tags

Sightings

Nomenclature