CVE-2016-2425
Publication date 18 April 2016
Last updated 25 August 2025
Ubuntu priority
Cvss 3 Severity Score
Description
mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs 7154234 and 26989185.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| android | 16.04 LTS xenial |
Not affected
|
| 14.04 LTS trusty | Not in release | |
Notes
Severity score breakdown
CVSS version: CVSS v3.0
Base score
5.5 · Medium
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N