Vulnerability CVE-2016-2464

Vulnerability Name:

CVE-2016-2464 (CCN-114081)

Assigned:

2016-06-08

Published:

2016-06-08

Updated:

2016-06-14

Summary:

libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file, aka internal bug 23167726.

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-20

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: Google Web site
Android

Source: MITRE
Type: CNA
CVE-2016-2464

Source: CCN
Type: Android Open Source Project
Android Security BulletinJune 2016

Source: CONFIRM
Type: Vendor Advisory
http://source.android.com/security/bulletin/2016-06-01.html

Source: CONFIRM
Type: UNKNOWN
https://android.googlesource.com/platform/external/libvpx/+/65c49d5b382de4085ee5668732bcb0f6ecaf7148

Source: CONFIRM
Type: UNKNOWN
https://android.googlesource.com/platform/external/libvpx/+/cc274e2abe8b2a6698a5c47d8aa4bb45f1f9538d

Source: XF
Type: UNKNOWN
android-cve20162464-code-exec(114081)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-2464

Vulnerable Configuration:

Configuration 1:

cpe:/o:google:android:4.0:*:*:*:*:*:*:*

OR cpe:/o:google:android:4.0.1:*:*:*:*:*:*:*

OR cpe:/o:google:android:4.0.2:*:*:*:*:*:*:*

OR cpe:/o:google:android:4.0.3:*:*:*:*:*:*:*

OR cpe:/o:google:android:4.0.4:*:*:*:*:*:*:*

OR cpe:/o:google:android:4.1:*:*:*:*:*:*:*

OR cpe:/o:google:android:4.1.1:*:*:*:*:*:*:*

OR cpe:/o:google:android:4.1.2:*:*:*:*:*:*:*

OR cpe:/o:google:android:4.2:*:*:*:*:*:*:*

OR cpe:/o:google:android:4.2.1:*:*:*:*:*:*:*

OR cpe:/o:google:android:4.2.2:*:*:*:*:*:*:*

OR cpe:/o:google:android:4.3:*:*:*:*:*:*:*

OR cpe:/o:google:android:4.3.1:*:*:*:*:*:*:*

OR cpe:/o:google:android:5.0:*:*:*:*:*:*:*

OR cpe:/o:google:android:5.0.1:*:*:*:*:*:*:*

OR cpe:/o:google:android:5.1:*:*:*:*:*:*:*

OR cpe:/o:google:android:6.0:*:*:*:*:*:*:*

OR cpe:/o:google:android:6.0.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:google:android:5.1.0:*:*:*:*:*:*:*

OR cpe:/o:google:android:6.0:*:*:*:*:*:*:*

OR cpe:/o:google:android:6.0.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20162464	V	CVE-2016-2464	2023-06-22
oval:org.opensuse.security:def:7695	P	libvpx-devel-1.11.0-150400.1.5 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7969	P	libvpx4-1.6.1-150000.6.8.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:807	P	Security update for python3 (Important)	2022-10-06
oval:org.opensuse.security:def:697	P	Security update for the Linux Kernel (Important)	2022-08-16
oval:org.opensuse.security:def:1389	P	Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP3) (Important)	2022-06-29
oval:org.opensuse.security:def:3103	P	hplip-3.16.11-1.33 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3346	P	python-pywbem-0.7.0-4.3 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94976	P	libvpx4-1.6.1-6.6.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94733	P	libvpx-devel-1.11.0-150400.1.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:223	P	libvpx-devel-1.6.1-6.6.8 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:212	P	libtirpc-devel-1.2.6-1.131 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:501	P	Security update for helm-mirror (Moderate)	2022-05-31
oval:org.opensuse.security:def:1152	P	Security update for zlib (Important)	2022-03-30
oval:org.opensuse.security:def:112911	P	libvpx-devel-1.6.0-2.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:70019	P	Security update for libsndfile (Important)	2022-01-11
oval:org.opensuse.security:def:1499	P	Security update for p11-kit (Important)	2021-12-22
oval:org.opensuse.security:def:1143	P	Security update for ImageMagick (Moderate)	2021-12-10
oval:org.opensuse.security:def:815	P	Security update for python-Pygments (Important)	2021-12-01
oval:org.opensuse.security:def:64594	P	Security update for python-Pygments (Important)	2021-10-20
oval:org.opensuse.security:def:106369	P	libvpx-devel-1.6.0-2.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:1033	P	Security update for grilo (Important)	2021-09-23
oval:org.opensuse.security:def:61590	P	libvpx4-1.6.1-4.16 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71331	P	libvpx4-1.6.1-4.16 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71181	P	firewall-macros-0.5.5-4.24.9 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:89745	P	libvpx4-1.6.1-4.16 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71294	P	libpango-1_0-0-1.40.14-3.3.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:103400	P	libvpx4-1.6.1-4.16 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:96710	P	libvpx4-1.6.1-4.16 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:69907	P	Security update for go1.15 (Moderate)	2021-08-20
oval:org.opensuse.security:def:1261	P	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) (Important)	2021-08-17
oval:org.opensuse.security:def:47158	P	stunnel-5.00-3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48148	P	libmms0-0.6.2-15.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47219	P	chrony-2.3-3.110 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48217	P	libvmtools0-10.3.10-4.12.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48029	P	groff-1.22.2-5.287 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47286	P	hardlink-1.0-6.38 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47351	P	libgssglue1-0.4-3.76 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48179	P	libpulse-mainloop-glib0-32bit-5.0-4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47233	P	cups-pk-helper-0.2.5-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48279	P	python-PyYAML-3.12-26.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47328	P	libXxf86vm1-1.1.3-3.53 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48243	P	mozilla-nspr-32bit-4.21-19.9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47434	P	libxerces-c-3_1-3.1.1-12.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47483	P	python-pyOpenSSL-16.0.0-2.3.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48250	P	openvpn-2.3.8-16.20.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47354	P	libhogweed2-2.7.1-12.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48344	P	xfsprogs-4.15.0-1.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47329	P	libapr-util1-1.5.3-1.46 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48327	P	transfig-3.2.5e-2.3.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47648	P	jakarta-commons-fileupload-1.1.1-120.113 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47575	P	colord-gtk-lang-0.1.26-6.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47547	P	accountsservice-0.6.42-16.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47343	P	libfreebl3-3.29.5-57.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47732	P	libksba8-1.3.0-23.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47723	P	libjansson4-2.7-1.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47679	P	libXinerama1-1.1.3-3.54 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47464	P	perl-Config-IniFiles-2.82-3.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47794	P	libtasn1-4.9-3.5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47022	P	libgnomesu-2.0.0-353.6.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47937	P	DirectFB-1.7.1-6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47771	P	libpulse-mainloop-glib0-32bit-5.0-4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47657	P	kernel-firmware-20180525-3.11 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47859	P	ppc64-diag-2.7.4-1.18 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47023	P	libgoa-1_0-0-3.20.4-7.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48021	P	glibc-2.22-100.15.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47919	P	xalan-j2-2.7.0-264.133 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47789	P	libsrtp1-1.5.2-3.2.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47062	P	libpng16-16-1.6.8-11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47890	P	squashfs-4.3-6.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47037	P	libjbig2-2.0-12.13 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48083	P	libXrandr2-1.5.0-6.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47218	P	bzip2-1.0.6-29.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48133	P	libjbig2-2.0-12.13 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47881	P	rtkit-0.11_git201205151338-8.14 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47194	P	DirectFB-1.7.1-6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47961	P	axis-1.4-290.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:107684	P	vpx-tools-1.6.1-6.6.8 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63523	P	vpx-tools-1.6.1-6.6.8 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2372	P	vpx-tools-1.6.1-6.6.8 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:94305	P	vpx-tools-1.6.1-6.6.8 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2434	P	vpx-tools-1.6.1-6.6.8 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101018	P	vpx-tools-1.6.1-6.6.8 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63461	P	vpx-tools-1.6.1-6.6.8 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:100801	P	chrony-3.2-9.18.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62241	P	libvpx-devel-1.6.1-6.6.8 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71982	P	libvpx-devel-1.6.1-6.6.8 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1617	P	Security update for freeradius-server (Moderate)	2021-06-23
oval:org.opensuse.security:def:71042	P	libvpx4-1.6.1-4.16 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:70988	P	libldap-2_4-2-2.4.46-7.10 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:71101	P	shim-14-5.8 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46733	P	libicu-doc-52.1-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48599	P	perl-XML-LibXML-2.0019-5.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48375	P	automake-1.13.4-6.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48653	P	xorg-x11-7.6_1-14.8 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48389	P	cpp48-4.8.5-30.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46734	P	libipa_hbac0-1.11.5.1-14.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48446	P	ipsec-tools-0.8.0-15.16 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48454	P	krb5-1.12.5-39.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46748	P	libmpfr4-3.1.2-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48888	P	typelib-1_0-EvinceDocument-3_0-3.20.1-5.66 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48485	P	libcgroup-tools-0.41.rc1-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48942	P	libpolkit0-32bit-0.113-5.12.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46869	P	xalan-j2-2.7.0-264.133 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48556	P	libtag1-1.9.1-1.218 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:61301	P	libvpx4-1.6.1-4.16 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:64507	P	Security update for hivex (Moderate)	2021-05-26
oval:org.opensuse.security:def:66768	P	Security update for python-Pygments (Important)	2021-05-04
oval:org.opensuse.security:def:67748	P	Security update for the Linux Kernel (Live Patch 20 for SLE 15) (Important)	2021-04-07
oval:org.opensuse.security:def:69802	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:100584	P	(Moderate)	2020-12-09
oval:org.opensuse.security:def:67941	P	Security update for the Linux Kernel (Important)	2020-12-09
oval:org.opensuse.security:def:93871	P	libvpx4-1.6.1-6.6.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62478	P	libvpx-devel-1.6.1-4.16 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72197	P	libvpx-devel-1.6.1-4.16 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:103593	P	libvpx-devel-1.6.1-4.16 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:94088	P	libvpx-devel-1.6.1-6.6.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62588	P	libvpx-devel-1.6.1-4.16 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72307	P	libvpx-devel-1.6.1-4.16 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116808	P	libvpx4-1.6.1-6.6.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107250	P	libvpx4-1.6.1-6.6.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61904	P	libvpx4-1.6.1-6.6.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71645	P	libvpx4-1.6.1-6.6.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62706	P	libvpx-devel-1.6.1-6.6.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72425	P	libvpx-devel-1.6.1-6.6.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117025	P	libvpx-devel-1.6.1-6.6.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107467	P	libvpx-devel-1.6.1-6.6.8 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:89938	P	libvpx-devel-1.6.1-4.16 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:64314	P	libXxf86dga-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:70124	P	libvpx-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64401	P	libvpx4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73459	P	libvpx-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67648	P	libXfixes-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49420	P	libSDL2-2_0-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49474	P	libvpx-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67841	P	yast2-buildtools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49530	P	libQt5OpenGLExtensions-devel-static on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49584	P	libvpx-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66459	P	libdcerpc-binding0-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73124	P	libX11-6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66551	P	libvpx4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49648	P	libSDL2-2_0-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49702	P	libvpx-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73242	P	libvpx4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66676	P	PackageKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49202	P	libnghttp2-14 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73341	P	wpa_supplicant on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49256	P	libvpx4 on GA media (Moderate)	2020-12-01
oval:com.ubuntu.xenial:def:201624640000000	V	CVE-2016-2464 on Ubuntu 16.04 LTS (xenial) - medium.	2016-06-13
oval:com.ubuntu.trusty:def:20162464000	V	CVE-2016-2464 on Ubuntu 14.04 LTS (trusty) - medium.	2016-06-12
oval:com.ubuntu.xenial:def:20162464000	V	CVE-2016-2464 on Ubuntu 16.04 LTS (xenial) - medium.	2016-06-12

BACK