CVE-2016-6702

Loading...

General

Score:6.8/10.0
Severity:Medium
Category:Access Control Error

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Published on 25/11/16 - Updated on 06/12/16

Description

A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087.

Category: Access Control Error

CWE-284 (Improper Access Control)
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Security Notices

US National Vulnerability DatabaseCVE-2016-6702
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2016-AVI-370

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
googleandroid

Share this vulnerability with:

Twitter Facebook LinkedIn Mail