CVE-2016-3821

CRITICAL Year: 2016
CVSS v3 Score
9.8
Critical
CVSS v2 Score
7.5
High
Weakness Type
CWE-476
View all →

Vulnerability Description

libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory corruption) via a crafted media file, aka internal bug 28166152.

Related Vulnerabilities

CVE-2014-8241

CRITICAL
CVSS:9.8(Critical)

XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.

CWE-4762014

CVE-2014-9972

CRITICAL
CVSS:9.8(Critical)

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition.

CWE-4762014

CVE-2015-0573

CRITICAL
CVSS:9.8(Critical)

drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows att...

CWE-4762015

CVE-2015-8592

CRITICAL
CVSS:9.8(Critical)

In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption.

CWE-4762015

CVE-2015-8787

CRITICAL
CVSS:9.8(Critical)

The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or ...

CWE-4762015

CVE-2015-9038

CRITICAL
CVSS:9.8(Critical)

In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end.

CWE-4762015