VYPR
← All advisories
Medium severity5.5NVD Advisory· Published Jan 12, 2017· Updated May 6, 2026

CVE-2016-6765

CVE-2016-6765

Description

A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 7.0. Android ID: A-31449945.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A denial of service vulnerability in libstagefright allows remote attackers to cause device hang or reboot via a specially crafted file.

Vulnerability

A denial of service vulnerability exists in the libstagefright library within Android's Mediaserver. The bug can be triggered when processing a specially crafted media file, leading to a device hang or reboot. Affected versions include Android 4.4.4, 5.0.2, 5.1.1, and 7.0 [1].

Exploitation

An attacker can exploit this vulnerability by delivering a specially crafted file to the target device, for example via MMS, email, or a malicious website. No authentication is required, and the attack can be performed remotely. The file is processed by Mediaserver, triggering the flaw and causing the device to hang or reboot [1].

Impact

Successful exploitation results in a denial of service, causing the device to become unresponsive or reboot. This can disrupt user activity and potentially lead to loss of unsaved data. The impact is limited to temporary unavailability of the device [1].

Mitigation

Google addressed this vulnerability in the Android Security Bulletin for December 2016. Users should apply the security update for their device as soon as it becomes available. No workarounds are documented; the fix is included in the monthly security patch level [1].

References
  1. Android Security Bulletin—December 2016

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

26
  • Google/Android25 versions
    cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*+ 24 more
    • cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
    • (no CPE)range: Android-4.4.4
  • Mozilla Corporation/libstagefrightllm-fuzzy
    Range: 4.4.4, 5.0.2, 5.1.1, 7.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.