What is the severity of CVE-2016-3918?

CVE-2016-3918 is classified as a high-severity vulnerability due to its potential to allow unauthorized access to arbitrary email attachments.

How do I fix CVE-2016-3918?

To fix CVE-2016-3918, ensure your Android device is updated with the latest security patches, specifically version 4.4.4 or later.

What versions of Android are affected by CVE-2016-3918?

CVE-2016-3918 affects Android versions 4.x prior to 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x or 7.0 before October 2016.

What type of attack does CVE-2016-3918 enable?

CVE-2016-3918 enables attackers to read arbitrary email attachments through crafted applications.

Is there a workaround for CVE-2016-3918 if I cannot update my device?

There is no recommended workaround for CVE-2016-3918; updating to a secure version is the only reliable solution.

Vulnerability/
CVE-2016-3918

medium

5.5

CWE

200

3/10/2016

10/10/2016

26/8/2024

CVE-2016-3918: Infoleak

First published: Mon Oct 03 2016(Updated: )

email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not ensure that certain values are integers, which allows attackers to read arbitrary attachments via a crafted application that provides a pathname value, aka internal bug 30745403.

Credit: security@android.com

Affected Software	Affected Version	How to fix
Android
Android	=4.0
Android	=4.0.1
Android	=4.0.2
Android	=4.0.3
Android	=4.0.4
Android	=4.1
Android	=4.1.2
Android	=4.2
Android	=4.2.1
Android	=4.2.2
Android	=4.3
Android	=4.3.1
Android	=4.4
Android	=4.4.1
Android	=4.4.2
Android	=4.4.3
Android	=5.0
Android	=5.0.1
Android	=5.1
Android	=5.1.0
Android	=6.0
Android	=6.0.1
Android	=7.0

Remedy

https://android.googlesource.com/platform/packages/apps/Email/+/6b2b0bd7c771c698f11d7be89c2c57c8722c7454

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-3918?
CVE-2016-3918 is classified as a high-severity vulnerability due to its potential to allow unauthorized access to arbitrary email attachments.
How do I fix CVE-2016-3918?
To fix CVE-2016-3918, ensure your Android device is updated with the latest security patches, specifically version 4.4.4 or later.
What versions of Android are affected by CVE-2016-3918?
CVE-2016-3918 affects Android versions 4.x prior to 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x or 7.0 before October 2016.
What type of attack does CVE-2016-3918 enable?
CVE-2016-3918 enables attackers to read arbitrary email attachments through crafted applications.
Is there a workaround for CVE-2016-3918 if I cannot update my device?
There is no recommended workaround for CVE-2016-3918; updating to a secure version is the only reliable solution.

agent/type
agent/first-publish-date
agent/softwarecombine
agent/references
agent/remedy
agent/weakness
agent/severity
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/event
agent/last-modified-date
agent/source
agent/tags
collector/android-source
source/Android
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/google
canonical/android
version/android/4.0
version/android/4.0.1
version/android/4.0.2
version/android/4.0.3
version/android/4.0.4
version/android/4.1
version/android/4.1.2
version/android/4.2
version/android/4.2.1
version/android/4.2.2
version/android/4.3
version/android/4.3.1
version/android/4.4
version/android/4.4.1
version/android/4.4.2
version/android/4.4.3
version/android/5.0
version/android/5.0.1
version/android/5.1
version/android/5.1.0
version/android/6.0
version/android/6.0.1
version/android/7.0