CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2016-7990

CVSS 9.8v3.0pub. 2016-10-31upd. 2026-05-06

On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Google Android

    OS
    Google
    4.2.24.34.3.14.44.4.14.4.24.4.34.4.45.05.0.15.0.25.15.1.05.1.16.0+ 1 więcej
  • Samsung Galaxy S4

    HW
    Samsung
    wszystkie wersje
  • Samsung Galaxy S4 Mini

    HW
    Samsung
    wszystkie wersje
  • Samsung Galaxy S5

    HW
    Samsung
    wszystkie wersje
  • Samsung Galaxy S6

    HW
    Samsung
    wszystkie wersje
  • Samsung Galaxy S7

    HW
    Samsung
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEDoS
CWE
References

Related vulnerabilities

CVE-2020-16010CRITICAL9.6⚠ KEVten sam produkt

Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who ha...

CVE-2016-1019CRITICAL9.8⚠ KEVten sam produkt

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...

CVE-2026-13851CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-13852CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-14106CRITICAL9.6ten sam produkt

Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed ...