VYPR
Critical severity9.8NVD Advisory· Published Jul 11, 2016· Updated Jun 17, 2026

CVE-2016-2506

CVE-2016-2506

Description

DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28175045.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

23
  • Google/Android23 versions
    cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*+ 22 more
    • cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
    • (no CPE)range: 4.0-4.4.3, 5.0-5.0.1, 5.1-5.1.0, 6.0-6.0.1 (before 2016-07-01)

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.