Lucene search

[email protected]CVE-2015-1536

HistoryOct 01, 2015 - 12:59 a.m.

CVE-2015-1536

2015-10-0100:59:05

CWE-189

[email protected]

web.nvd.nist.gov

cve-2015-1536

integer overflow

bitmap_createfromparcel

android

denial of service

memory content

vulnerability

nvd

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:N/A:C

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.2%

JSON

Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or obtain sensitive system_server memory-content information via a crafted application that leverages improper unmarshalling of bitmaps, aka internal bug 19666945.

Affected configurations

NVD

Node

googleandroidRange≤5.1

CPENameOperatorVersion
google:androidgoogle androidle5.1

CPE	Name	Operator	Version
google:android	google android	le	5.1

References

android.googlesource.com/platform/frameworks/base/+/d44e5bde18a41beda39d49189bef7f2ba7c8f3cb

groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:N/A:C

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.2%

JSON

Related for CVE-2015-1536

cvelist1 ubuntucve1 prion1 nvd1 androidsecurity1