CVE-2016-2459

mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27556038.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.1.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
OR cpe:2.3:h:google:android_one:-:*:*:*:*:*:*:*
cpe:2.3:h:google:nexus_5:-:*:*:*:*:*:*:*
cpe:2.3:h:google:nexus_5x:-:*:*:*:*:*:*:*
cpe:2.3:h:google:nexus_6:-:*:*:*:*:*:*:*
cpe:2.3:h:google:nexus_6p:-:*:*:*:*:*:*:*
cpe:2.3:h:google:nexus_7_\(2013\):-:*:*:*:*:*:*:*
cpe:2.3:h:google:nexus_9:-:*:*:*:*:*:*:*
cpe:2.3:h:google:nexus_player:-:*:*:*:*:*:*:*
cpe:2.3:h:google:pixel_c:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-05-09 10:59

Updated : 2024-02-28 15:21


NVD link : CVE-2016-2459

Mitre link : CVE-2016-2459

CVE.ORG link : CVE-2016-2459


JSON object : View

Products Affected

google

  • nexus_player
  • android
  • nexus_6p
  • nexus_9
  • nexus_7_\(2013\)
  • android_one
  • pixel_c
  • nexus_5x
  • nexus_5
  • nexus_6
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor