CVE-2016-6702
Published: 25 November 2016
A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087.
Notes
Author | Note |
---|---|
jdstrand | libjpeg on android. chromium-browser uses system libjpeg |
mdeslaur | PoC is here: https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-6702; libjpeg-turbo in Debian/Ubuntu has a stub for jpeg_open_backing_store; this is an issue in the android ashmem backing store |
Priority
Status
Package | Release | Status |
---|---|---|
android | artful | Does not exist |
android | bionic | Does not exist |
android | precise | Does not exist |
android | trusty | Does not exist (trusty was ignored [abandoned]) |
android | upstream | Released (4.4.4, 5.0.2, 5.1.1) |
android | xenial | Ignored (abandoned) |
android | yakkety | Ignored (end of life) |
android | zesty | Ignored (end of life) |
chromium-browser | artful | Ignored (end of life) |
chromium-browser | bionic | Ignored (end of standard support) |
chromium-browser | trusty | Does not exist (trusty was ignored [uses system libjpeg-turbo8]) |
chromium-browser | upstream | Needs triage |
chromium-browser | xenial | Ignored (end of standard support) |
chromium-browser | yakkety | Ignored (end of life) |
chromium-browser | zesty | Ignored (end of life) |
chromium-browser | precise | Not vulnerable (code not present) |
libjpeg-turbo | artful | Not vulnerable (code not present) |
libjpeg-turbo | bionic | Not vulnerable (code not present) |
libjpeg-turbo | precise | Not vulnerable (code not present) |
libjpeg-turbo | trusty | Not vulnerable (code not present) |
libjpeg-turbo | upstream | Needs triage |
libjpeg-turbo | xenial | Not vulnerable (code not present) |
libjpeg-turbo | yakkety | Not vulnerable (code not present) |
libjpeg-turbo | zesty | Not vulnerable (code not present) |
libjpeg6b | artful | Not vulnerable (code not present) |
libjpeg6b | bionic | Not vulnerable (code not present) |
libjpeg6b | trusty | Not vulnerable (code not present) |
libjpeg6b | upstream | Needs triage |
libjpeg6b | xenial | Not vulnerable (code not present) |
libjpeg6b | yakkety | Not vulnerable (code not present) |
libjpeg6b | zesty | Not vulnerable (code not present) |
libjpeg6b | precise | Not vulnerable (code not present) |
libjpeg9 | artful | Not vulnerable (code not present) |
libjpeg9 | bionic | Not vulnerable (code not present) |
libjpeg9 | precise | Does not exist |
libjpeg9 | trusty | Does not exist |
libjpeg9 | upstream | Needs triage |
libjpeg9 | xenial | Not vulnerable (code not present) |
libjpeg9 | yakkety | Not vulnerable (code not present) |
libjpeg9 | zesty | Not vulnerable (code not present) |
oxide-qt | artful | Ignored (end of life) |
oxide-qt | bionic | Does not exist |
oxide-qt | precise | Does not exist |
oxide-qt | trusty | Does not exist (trusty was not-affected [code not present]) |
oxide-qt | upstream | Needs triage |
oxide-qt | xenial | Ignored (uses system libjpeg-turbo8) |
oxide-qt | yakkety | Ignored (end of life) |
oxide-qt | zesty | Ignored (end of life) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |