CVE-2016-6702
Publication date 25 November 2016
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses libjpeg. Android ID: A-30259087.
Status
Package | Ubuntu Release | Status |
---|---|---|
android | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Ignored abandoned | |
14.04 LTS trusty | Not in release | |
chromium-browser | 18.04 LTS bionic | Ignored end of standard support |
16.04 LTS xenial | Ignored end of standard support | |
14.04 LTS trusty | Not in release | |
libjpeg6b | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
libjpeg9 | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
libjpeg-turbo | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
oxide-qt | 18.04 LTS bionic | Not in release |
16.04 LTS xenial | Ignored uses system libjpeg-turbo8 | |
14.04 LTS trusty | Not in release | |
Notes
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 · High |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |