Search for vulnerabilities
Vulnerability details: VCID-1xfb-pc1f-aaap
Vulnerability ID VCID-1xfb-pc1f-aaap
Aliases CVE-2016-1621
Summary libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-20 Improper Input Validation
System Score Found at
generic_textual High http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1621.html
epss 0.02744 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.02744 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.02744 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.02744 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.02744 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.02744 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.02744 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.02744 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.02744 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.02744 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.02744 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.02744 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.02744 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.02744 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.03269 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.06147 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
epss 0.11762 https://api.first.org/data/v1/epss?cve=CVE-2016-1621
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1318185
generic_textual High https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1621
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2016-1621
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2016-1621
generic_textual High http://source.android.com/security/bulletin/2016-03-01.html
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179128.html
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1621.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1621.json
https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d
https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426
https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55
https://api.first.org/data/v1/epss?cve=CVE-2016-1621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1621
http://source.android.com/security/bulletin/2016-03-01.html
https://security.gentoo.org/glsa/201603-09
http://www.securityfocus.com/bid/84239
1318185 https://bugzilla.redhat.com/show_bug.cgi?id=1318185
cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
CVE-2016-1621 https://nvd.nist.gov/vuln/detail/CVE-2016-1621
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2016-1621
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-1621
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.90869
EPSS Score 0.02744
Published At Nov. 18, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.