Lucene search

[email protected]CVE-2015-3827

HistoryOct 01, 2015 - 12:59 a.m.

CVE-2015-3827

2015-10-0100:59:11

CWE-119

CWE-189

[email protected]

web.nvd.nist.gov

mpeg4extractor

parsechunk

libstagefright

android

cve-2015-3827

nvd

vulnerability

code execution

denial of service

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.386 Low

EPSS

Percentile

97.3%

JSON

The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted MPEG-4 covr atoms, aka internal bug 20923261.

Affected configurations

NVD

Node

googleandroidRange≤5.1

CPENameOperatorVersion
google:androidgoogle androidle5.1

CPE	Name	Operator	Version
google:android	google android	le	5.1

References

www.huawei.com/en/psirt/security-advisories/hw-448928

www.securityfocus.com/bid/76052

www.securitytracker.com/id/1033094

www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm

android.googlesource.com/platform/frameworks/av/+/f4a88c8ed4f8186b3d6e2852993e063fc33ff231

groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.386 Low

EPSS

Percentile

97.3%

JSON

Related for CVE-2015-3827

cvelist1 nvd1 prion1 android2 ubuntucve1 checkpoint_advisories1 thn1 huawei1 cert1 androidsecurity1