CVE-2016-6701
Published: 25 November 2016
A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of the gallery process. Android ID: A-30190637.
Notes
Author | Note |
---|---|
jdstrand |
code not present in chromium sources |
Priority
Status
Package | Release | Status |
---|---|---|
android
Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(Android 7.0 2016-11-01)
|
|
xenial |
Ignored
(abandoned)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|
|
chromium-browser
Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(code-not-present)
|
bionic |
Not vulnerable
(code-not-present)
|
|
precise |
Ignored
|
|
trusty |
Does not exist
(trusty was not-affected [code-not-present])
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code-not-present)
|
|
yakkety |
Not vulnerable
(code-not-present)
|
|
zesty |
Not vulnerable
(code-not-present)
|
|
oxide-qt
Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(code-not-present)
|
bionic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was not-affected [code-not-present])
|
|
upstream |
Not vulnerable
(code-not-present)
|
|
xenial |
Not vulnerable
(code-not-present)
|
|
yakkety |
Not vulnerable
(code-not-present)
|
|
zesty |
Not vulnerable
(code-not-present)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |