History: Oct 01, 2015 - 12:59 a.m.

CVE-2015-3828

2015-10-01 00:59:12
CWE-119
CWE-189
web.nvd.nist.gov
cve-2015-3828
android
libstagefright
remote code execution
3gpp metadata
integer underflow
memory corruption

CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score: 8 High (Confidence: Low)

EPSS: 0.309 Low (Percentile: 97.0%)

The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826.

Affected configurations

NVD
Node: google android, Range: ≤ 5.1

CPE             Name            Operator  Version
google:android  google android  le        5.1
