CVE-2016-0824

5.3 MEDIUM
Published: March 12, 2016 Modified: May 06, 2026
View on NVD

Description

libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://source.android.com/security/bulletin/2016-03-01.html
Source: security@android.com
Vendor Advisory
http://www.securityfocus.com/bid/84262
Source: security@android.com
https://android.googlesource.com/platform/external/libmpeg2/+/ffab15eb80630dc799eb410855c93525b75233c3
Source: security@android.com
http://source.android.com/security/bulletin/2016-03-01.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/84262
Source: af854a3a-2127-422b-91ae-364da2661108
https://android.googlesource.com/platform/external/libmpeg2/+/ffab15eb80630dc799eb410855c93525b75233c3
Source: af854a3a-2127-422b-91ae-364da2661108

6 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.3 / 10.0
EPSS (Exploit Probability)
0.2%
37th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-200 CWE-254

Affected Vendors

google

Related CVEs

CVE-2026-6222 5.3
CVE-2026-40003 5.1
CVE-2026-44597 3.7
CVE-2026-6278 N/A
CVE-2026-41484 5.3