CVE-2016-10420 Details

Published: 2018-04-18
Last Modified: 2018-05-02
CVE Author: NIST National Vulnerability Database
CVE Assigner: cve@mitre.org
Summary

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, while playing back a .flv clip which doesn't have an inbuilt seek table, a dynamic index table access is out of bounds and leads to crash.

Analysis
Common Vulnerability Score System v2.0
Severity: High
Base Score: 7.1/10
Exploit Score: 8.6/10
Access Vector: Network
Access Complexity: Medium
Authentication: None
Impact Score: 6.9/10
Confidentiality Impact: None
Availability Impact: Complete
Integrity Impact: None
Vector String: AV:N/AC:M/Au:N/C:N/I:N/A:C

Common Vulnerability Score System v3.1
Severity: Medium
Base Score: 5.5/10
Exploit Score: 1.8/10
Access Vector: Local
Access Complexity: Low
Privileges Required: None
Impact Score: 3.6/10
Confidentiality Impact: None
Availability Impact: High
Integrity Impact: None
Scope: Unchanged
User Interaction: Required
Vector String: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Products Reported
CPE Vulnerable Start Excluding
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:* No - -
References

http://www.securityfocus.com/bid/103671
https://source.android.com/security/bulletin/2018-04-01

CVE ID: CVE-2016-10420
Published: 2018-04-18
Modified: 2018-05-02
CVSSv2.0: High
CVSSv3.1: Medium
PCI Compliance: Pass
US-CERT Alert: No
CWE: CWE-119
