CVE-2016-2459

mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27556038.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.1.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
OR cpe:2.3:h:google:android_one:-:*:*:*:*:*:*:*
cpe:2.3:h:google:nexus_5:-:*:*:*:*:*:*:*
cpe:2.3:h:google:nexus_5x:-:*:*:*:*:*:*:*
cpe:2.3:h:google:nexus_6:-:*:*:*:*:*:*:*
cpe:2.3:h:google:nexus_6p:-:*:*:*:*:*:*:*
cpe:2.3:h:google:nexus_7_\(2013\):-:*:*:*:*:*:*:*
cpe:2.3:h:google:nexus_9:-:*:*:*:*:*:*:*
cpe:2.3:h:google:nexus_player:-:*:*:*:*:*:*:*
cpe:2.3:h:google:pixel_c:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:48

Type Values Removed Values Added
References () http://source.android.com/security/bulletin/2016-05-01.html - Vendor Advisory () http://source.android.com/security/bulletin/2016-05-01.html - Vendor Advisory
References () https://android.googlesource.com/platform/frameworks/native/+/a30d7d90c4f718e46fb41a99b3d52800e1011b73 - () https://android.googlesource.com/platform/frameworks/native/+/a30d7d90c4f718e46fb41a99b3d52800e1011b73 -

Information

Published : 2016-05-09 10:59

Updated : 2024-11-21 02:48


NVD link : CVE-2016-2459

Mitre link : CVE-2016-2459

CVE.ORG link : CVE-2016-2459


JSON object : View

Products Affected

google

  • nexus_9
  • nexus_5x
  • nexus_6
  • nexus_6p
  • android
  • nexus_7_\(2013\)
  • nexus_player
  • nexus_5
  • android_one
  • pixel_c
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor