Home > Vulnerability Database > CVE-2016-6702

Mend.io Vulnerability Database

CVE-2016-6702

Date: November 25, 2016

A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087.

Severity Score

7.8

Related Resources (4)

Url: https://source.android.com/security/bulletin/2016-11-01.html

Url: http://www.securityfocus.com/bid/94160

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-6702

Url: https://www.mend.io/vulnerability-database/CVE-2016-6702

Severity Score

7.8

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2016-6702

Date: November 25, 2016

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3

CVSS v2

Do you need more information?