Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-3751 (GCVE-0-2016-3751)
Vulnerability from cvelistv5 – Published: 2016-07-11 01:00 – Updated: 2024-08-06 00:03
VLAI?
EPSS
Summary
Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:03:34.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
},
{
"name": "[oss-security] 20160709 Re: On anonymous CVE assignments",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240719-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T13:06:15.775Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
},
{
"name": "[oss-security] 20160709 Re: On anonymous CVE assignments",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
},
{
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240719-0004/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2016-3751",
"datePublished": "2016-07-11T01:00:00.000Z",
"dateReserved": "2016-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:03:34.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GSD-2016-3751
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-3751",
"description": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.",
"id": "GSD-2016-3751"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-3751"
],
"details": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.",
"id": "GSD-2016-3751",
"modified": "2023-12-13T01:21:27.843994Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
},
{
"name": "[oss-security] 20160709 Re: On anonymous CVE assignments",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
},
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,1.6.19]",
"affected_versions": "All versions up to 1.6.19",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2016-07-11",
"description": "Unspecified vulnerability in libpng, as used in Android , allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug ",
"fixed_versions": [
"1.6.19.1"
],
"identifier": "CVE-2016-3751",
"identifiers": [
"CVE-2016-3751"
],
"not_impacted": "All versions after 1.6.19",
"package_slug": "nuget/libpng",
"pubdate": "2016-07-11",
"solution": "Upgrade to version 1.6.19.1 or above.",
"title": "Privilege Escalation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2016-3751",
"http://source.android.com/security/bulletin/2016-07-01.html",
"http://www.openwall.com/lists/oss-security/2016/07/09/4"
],
"uuid": "a0b1a494-10b6-4f39-8e0f-bf057532b2af"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.6.19",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3751"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name": "[oss-security] 20160709 Re: On anonymous CVE assignments",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
},
{
"name": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca",
"refsource": "CONFIRM",
"tags": [],
"url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": true,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2016-07-11T17:52Z",
"publishedDate": "2016-07-11T01:59Z"
}
}
}
GHSA-38FG-RH2C-FH5C
Vulnerability from github – Published: 2022-05-17 03:51 – Updated: 2024-07-19 15:31
VLAI?
Details
Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2016-3751"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-07-11T01:59:00Z",
"severity": "HIGH"
},
"details": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.",
"id": "GHSA-38fg-rh2c-fh5c",
"modified": "2024-07-19T15:31:45Z",
"published": "2022-05-17T03:51:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3751"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240719-0004"
},
{
"type": "WEB",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CNVD-2016-04677
Vulnerability from cnvd - Published: 2016-07-12
VLAI Severity ?
Title
Android libpng权限提升漏洞
Description
Android是美国谷歌(Google)公司和开放手持设备联盟(简称OHA)共同开发的一套以Linux为基础的开源操作系统。libpng是其中的一个可对PNG图形文件实现创建、读写等操作的PNG参考库组件。
Android的libpng中存在提权漏洞。攻击者可借助特制的应用程序利用该漏洞以提升的权限执行任意代码。
Severity
高
Patch Name
Android libpng权限提升漏洞的补丁
Patch Description
Android是美国谷歌(Google)公司和开放手持设备联盟(简称OHA)共同开发的一套以Linux为基础的开源操作系统。libpng是其中的一个可对PNG图形文件实现创建、读写等操作的PNG参考库组件。
Android的libpng中存在提权漏洞。攻击者可借助特制的应用程序利用该漏洞以提升的权限执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全补丁以修复该漏洞: https://source.android.com/security/bulletin/2016-07-01.html
Reference
https://source.android.com/security/bulletin/2016-07-01.html
Impacted products
| Name | ['Google Android Android 4.*,<4.4.4', 'Google Android Android 5.0.*,<5.0.2', 'Google Android Android 5.1.*,<5.1.1', 'Google Android Android 6.*,2016-07-01'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-3751"
}
},
"description": "Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002libpng\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u53ef\u5bf9PNG\u56fe\u5f62\u6587\u4ef6\u5b9e\u73b0\u521b\u5efa\u3001\u8bfb\u5199\u7b49\u64cd\u4f5c\u7684PNG\u53c2\u8003\u5e93\u7ec4\u4ef6\u3002\r\n\r\nAndroid\u7684libpng\u4e2d\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "Matt Sarett",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://source.android.com/security/bulletin/2016-07-01.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-04677",
"openTime": "2016-07-12",
"patchDescription": "Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002libpng\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u53ef\u5bf9PNG\u56fe\u5f62\u6587\u4ef6\u5b9e\u73b0\u521b\u5efa\u3001\u8bfb\u5199\u7b49\u64cd\u4f5c\u7684PNG\u53c2\u8003\u5e93\u7ec4\u4ef6\u3002\r\n\r\nAndroid\u7684libpng\u4e2d\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Android libpng\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Google Android Android 4.*\uff0c\u003c4.4.4",
"Google Android Android 5.0.*\uff0c\u003c5.0.2",
"Google Android Android 5.1.*\uff0c\u003c5.1.1",
"Google Android Android 6.*\uff0c2016-07-01"
]
},
"referenceLink": "https://source.android.com/security/bulletin/2016-07-01.html",
"serverity": "\u9ad8",
"submitTime": "2016-07-09",
"title": "Android libpng\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}
CVE-2016-3751
Vulnerability from fstec - Published: 11.07.2016
VLAI Severity ?
Title
Уязвимость операционной системы Android, позволяющая нарушителю повысить свои привилегии
Description
Уязвимость библиотеки libpng операционной системы Android связана с ошибками в коде. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, повысить свои привилегии с помощью специально созданного приложения
Severity ?
Vendor
Guy Eric Schalnat Andreas Dilger Glenn Randers-Pehrson
Software Name
libpng
Software Version
до 1.6.20 (libpng)
Possible Mitigations
Использование рекомендаций производителя:
http://www.openwall.com/lists/oss-security/2016/07/09/4
Reference
https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca
http://www.openwall.com/lists/oss-security/2016/07/09/4
http://source.android.com/security/bulletin/2016-07-01.html
CWE
CWE-17
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS 3.0": null,
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Guy Eric Schalnat Andreas Dilger Glenn Randers-Pehrson",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 1.6.20 (libpng)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttp://www.openwall.com/lists/oss-security/2016/07/09/4",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.07.2016",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "03.08.2016",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2016-01858",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2016-3751",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "libpng",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Microsoft Corp Windows - 64-bit, Microsoft Corp Windows - 32-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Unix . 64-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Unix . 32-bit",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Android, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041a\u043e\u0434 (CWE-17)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libpng \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Android \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0432 \u043a\u043e\u0434\u0435. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca\nhttp://www.openwall.com/lists/oss-security/2016/07/09/4\nhttp://source.android.com/security/bulletin/2016-07-01.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-17",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
CVE-2016-3751
Vulnerability from fstec - Published: 11.07.2016
VLAI Severity ?
Title
Уязвимость операционной системы Android, позволяющая нарушителю повысить свои привилегии
Description
Уязвимость библиотеки libpng операционной системы Android связана с ошибками в коде. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, повысить свои привилегии с помощью специально созданного приложения
Severity ?
Vendor
Google Inc
Software Name
Android
Software Version
от 4.0 до 4.4.4 (Android), от 5.0 до 5.0.2 (Android), от 5.1 до 5.1.1 (Android), от 6.0 до 2016-07-01 (Android)
Possible Mitigations
Использование рекомендаций производителя:
http://source.android.com/security/bulletin/2016-07-01.html
Reference
https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca
http://www.openwall.com/lists/oss-security/2016/07/09/4
http://source.android.com/security/bulletin/2016-07-01.html
CWE
CWE-17
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS 3.0": null,
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Google Inc",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 4.0 \u0434\u043e 4.4.4 (Android), \u043e\u0442 5.0 \u0434\u043e 5.0.2 (Android), \u043e\u0442 5.1 \u0434\u043e 5.1.1 (Android), \u043e\u0442 6.0 \u0434\u043e 2016-07-01 (Android)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttp://source.android.com/security/bulletin/2016-07-01.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.07.2016",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "03.08.2016",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2016-01859",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2016-3751",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Android",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Android, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041a\u043e\u0434 (CWE-17)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libpng \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Android \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0432 \u043a\u043e\u0434\u0435. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca\nhttp://www.openwall.com/lists/oss-security/2016/07/09/4\nhttp://source.android.com/security/bulletin/2016-07-01.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-17",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
CERTFR-2016-AVI-227
Vulnerability from certfr_avis - Published: 2016-07-11 - Updated: 2016-07-11
De multiples vulnérabilités ont été corrigées dans Google Android (Nexus). Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité du 6 juillet 2016
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eGoogle Android (Nexus) toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 6 juillet 2016\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-8890",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8890"
},
{
"name": "CVE-2014-9803",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9803"
},
{
"name": "CVE-2016-3801",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3801"
},
{
"name": "CVE-2016-2507",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2507"
},
{
"name": "CVE-2016-0723",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0723"
},
{
"name": "CVE-2016-3773",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3773"
},
{
"name": "CVE-2016-3747",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3747"
},
{
"name": "CVE-2014-9795",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9795"
},
{
"name": "CVE-2016-3799",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3799"
},
{
"name": "CVE-2016-3742",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3742"
},
{
"name": "CVE-2016-3802",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3802"
},
{
"name": "CVE-2014-9794",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9794"
},
{
"name": "CVE-2016-3796",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3796"
},
{
"name": "CVE-2016-3745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3745"
},
{
"name": "CVE-2016-3770",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3770"
},
{
"name": "CVE-2016-3763",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3763"
},
{
"name": "CVE-2016-3805",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3805"
},
{
"name": "CVE-2016-3760",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3760"
},
{
"name": "CVE-2015-8893",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8893"
},
{
"name": "CVE-2016-3816",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3816"
},
{
"name": "CVE-2016-2502",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2502"
},
{
"name": "CVE-2014-9786",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9786"
},
{
"name": "CVE-2016-3765",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3765"
},
{
"name": "CVE-2014-9783",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9783"
},
{
"name": "CVE-2014-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9798"
},
{
"name": "CVE-2014-9797",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9797"
},
{
"name": "CVE-2015-8891",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8891"
},
{
"name": "CVE-2014-9792",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9792"
},
{
"name": "CVE-2016-3743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3743"
},
{
"name": "CVE-2016-3758",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3758"
},
{
"name": "CVE-2016-3813",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3813"
},
{
"name": "CVE-2016-3767",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3767"
},
{
"name": "CVE-2016-3750",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3750"
},
{
"name": "CVE-2016-3762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3762"
},
{
"name": "CVE-2014-9802",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9802"
},
{
"name": "CVE-2016-3818",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3818"
},
{
"name": "CVE-2016-3759",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3759"
},
{
"name": "CVE-2016-2506",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2506"
},
{
"name": "CVE-2016-3774",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3774"
},
{
"name": "CVE-2016-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2067"
},
{
"name": "CVE-2016-3800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3800"
},
{
"name": "CVE-2016-3766",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3766"
},
{
"name": "CVE-2016-3808",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3808"
},
{
"name": "CVE-2013-7457",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7457"
},
{
"name": "CVE-2014-9781",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9781"
},
{
"name": "CVE-2014-9778",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9778"
},
{
"name": "CVE-2016-3797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3797"
},
{
"name": "CVE-2014-9789",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9789"
},
{
"name": "CVE-2016-2107",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
},
{
"name": "CVE-2014-9780",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9780"
},
{
"name": "CVE-2016-3807",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3807"
},
{
"name": "CVE-2016-3751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3751"
},
{
"name": "CVE-2016-3812",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3812"
},
{
"name": "CVE-2016-3741",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3741"
},
{
"name": "CVE-2014-9799",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9799"
},
{
"name": "CVE-2016-3749",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3749"
},
{
"name": "CVE-2016-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3772"
},
{
"name": "CVE-2014-9779",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9779"
},
{
"name": "CVE-2016-3756",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3756"
},
{
"name": "CVE-2014-9800",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9800"
},
{
"name": "CVE-2015-8889",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8889"
},
{
"name": "CVE-2014-9790",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9790"
},
{
"name": "CVE-2016-3810",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3810"
},
{
"name": "CVE-2016-3761",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3761"
},
{
"name": "CVE-2015-8888",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8888"
},
{
"name": "CVE-2014-9784",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9784"
},
{
"name": "CVE-2016-3771",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3771"
},
{
"name": "CVE-2014-9791",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9791"
},
{
"name": "CVE-2014-9788",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9788"
},
{
"name": "CVE-2014-9793",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9793"
},
{
"name": "CVE-2016-3804",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3804"
},
{
"name": "CVE-2016-3795",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3795"
},
{
"name": "CVE-2016-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3793"
},
{
"name": "CVE-2016-3814",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3814"
},
{
"name": "CVE-2016-3764",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3764"
},
{
"name": "CVE-2014-9785",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9785"
},
{
"name": "CVE-2016-2501",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2501"
},
{
"name": "CVE-2014-9796",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9796"
},
{
"name": "CVE-2016-2505",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2505"
},
{
"name": "CVE-2014-9777",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9777"
},
{
"name": "CVE-2016-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3803"
},
{
"name": "CVE-2016-3748",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3748"
},
{
"name": "CVE-2016-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2068"
},
{
"name": "CVE-2016-3809",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3809"
},
{
"name": "CVE-2016-3746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3746"
},
{
"name": "CVE-2016-3757",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3757"
},
{
"name": "CVE-2015-8816",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8816"
},
{
"name": "CVE-2016-3798",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3798"
},
{
"name": "CVE-2016-3744",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3744"
},
{
"name": "CVE-2014-9801",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9801"
},
{
"name": "CVE-2016-3769",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3769"
},
{
"name": "CVE-2016-2508",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2508"
},
{
"name": "CVE-2016-3752",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3752"
},
{
"name": "CVE-2016-3792",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3792"
},
{
"name": "CVE-2016-3755",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3755"
},
{
"name": "CVE-2016-3811",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3811"
},
{
"name": "CVE-2015-8892",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8892"
},
{
"name": "CVE-2016-3768",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3768"
},
{
"name": "CVE-2014-9787",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9787"
},
{
"name": "CVE-2016-2108",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
},
{
"name": "CVE-2016-3754",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3754"
},
{
"name": "CVE-2016-3815",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3815"
},
{
"name": "CVE-2016-3806",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3806"
},
{
"name": "CVE-2014-9782",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9782"
},
{
"name": "CVE-2016-3753",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3753"
},
{
"name": "CVE-2016-2503",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2503"
},
{
"name": "CVE-2016-3775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3775"
}
],
"initial_release_date": "2016-07-11T00:00:00",
"last_revision_date": "2016-07-11T00:00:00",
"links": [],
"reference": "CERTFR-2016-AVI-227",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android (Nexus)\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android (Nexus)",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 06 juillet 2016",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
FKIE_CVE-2016-3751
Vulnerability from fkie_nvd - Published: 2016-07-11 01:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libpng | libpng | * | |
| android | 4.0 | ||
| android | 4.0.1 | ||
| android | 4.0.2 | ||
| android | 4.0.3 | ||
| android | 4.0.4 | ||
| android | 4.1 | ||
| android | 4.1.2 | ||
| android | 4.2 | ||
| android | 4.2.1 | ||
| android | 4.2.2 | ||
| android | 4.3 | ||
| android | 4.3.1 | ||
| android | 4.4 | ||
| android | 4.4.1 | ||
| android | 4.4.2 | ||
| android | 4.4.3 | ||
| android | 5.0 | ||
| android | 5.0.1 | ||
| android | 5.1 | ||
| android | 5.1.0 | ||
| android | 6.0 | ||
| android | 6.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F63D199-D477-4807-8A4E-A30C55D1FC48",
"versionEndIncluding": "1.6.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A39C31E3-75C0-4E92-A6B5-7D67B22E3449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB318EA4-2908-4B91-8DBB-20008FDF528A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4E46A9-B652-47CE-92E8-01021E57724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "36DD8E3F-6308-4680-B932-4CBD8E58A7FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DA9F0F7-D592-481E-884C-B1A94E702825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6CD857E7-B878-49F9-BDDA-93DDEBB0B42B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A47AB858-36DE-4330-8CAC-1B46C5C8DA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49413FF7-7910-4F74-B106-C3170612CB2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8882E50-7C49-4A99-91F2-DF979CF8BB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "98C32982-095C-4628-9958-118A3D3A9CAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4E6353-B77A-464F-B7DE-932704003B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77125688-2CCA-4990-ABB2-551D47CB0CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A8EC00-266C-409B-AD43-18E8DFCD6FE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B846C63A-7261-481E-B4A4-0D8C79E0D8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en libpng en versiones anteriores a 1.6.20, como es usado en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-07-01, permite a atacantes obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada, seg\u00fan lo demostrado por la obtenci\u00f3n de acceso Signature o SignatureOrSystem, tambi\u00e9n conocido como error interno 23265085."
}
],
"id": "CVE-2016-3751",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-11T01:59:51.870",
"references": [
{
"source": "security@android.com",
"tags": [
"Vendor Advisory"
],
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"source": "security@android.com",
"url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
},
{
"source": "security@android.com",
"url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
},
{
"source": "security@android.com",
"url": "https://security.netapp.com/advisory/ntap-20240719-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/07/09/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240719-0004/"
}
],
"sourceIdentifier": "security@android.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…