CVE-2016-10441
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, improper offset validation leads to buffer overflow in video parser.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflow in Qualcomm video parser due to improper offset validation in Android before April 2018 security patch, affecting multiple Snapdragon chipsets.
Vulnerability
A buffer overflow vulnerability exists in the video parser component of Qualcomm Snapdragon Mobile and Snapdragon Wear platforms. The issue arises from improper offset validation, allowing an attacker to trigger a buffer overflow by supplying a maliciously crafted video file. Affected chipsets include MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20. The vulnerability affects Android versions before the 2018-04-05 security patch level [1].
Exploitation
An attacker can exploit the vulnerability by enticing a user to open a specially crafted video file. No additional privileges or authentication are required beyond user interaction. The crafted video file triggers the improper offset validation, leading to a buffer overflow in the video parser [1].
Impact
Successful exploitation could allow an attacker to execute arbitrary code in the context of a privileged process (such as the media server or kernel), potentially leading to a complete compromise of the device. This can result in unauthorized access to sensitive data, capability to install malicious apps, and persistent control over the device [1].
Mitigation
The vulnerability was fixed in the Android security patch level dated 2018-04-05. Users are advised to apply the latest Android security updates from their device manufacturer. No workarounds are available [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: <2018-04-05 security patch level
- Qualcomm, Inc./Snapdragon Mobile, Snapdragon Wearv5Range: MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SDX20
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/103671mitrevdb-entryx_refsource_BID
- source.android.com/security/bulletin/2018-04-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.