CVE-2016-2487

Description

libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27833616.

Category

7.8
CVSS
Severity: High
CVSS 3.0 •
CVSS 2.0 •
EPSS 0.07%
Vendor Advisory android.com
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
https://android.googlesource.com/platform/frameworks/av/+/d2f47191538837e796e2b10c1ff7e1ee35f6e0ab
https://android.googlesource.com/platform/frameworks/av/+/4e32001e4196f39ddd0b86686ae0231c8f5ed944
https://android.googlesource.com/platform/frameworks/av/+/918eeaa29d99d257282fafec931b4bda0e3bae12
http://source.android.com/security/bulletin/2016-06-01.html vendor advisory

Frequently Asked Questions

What is the severity of CVE-2016-2487?
CVE-2016-2487 has been scored as a high severity vulnerability.
How to fix CVE-2016-2487?
To fix CVE-2016-2487, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2016-2487 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2016-2487 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.