Lucene search

[email protected]CVE-2015-3829

HistoryOct 01, 2015 - 12:59 a.m.

CVE-2015-3829

2015-10-0100:59:13

CWE-189

[email protected]

web.nvd.nist.gov

cve-2015-3829

off-by-one error

mpeg4extractor

libstagefright

android security

integer overflow

memory corruption

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.267 Low

EPSS

Percentile

96.8%

JSON

Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261.

Affected configurations

NVD

Node

googleandroidRange≤5.1

CPENameOperatorVersion
google:androidgoogle androidle5.1

CPE	Name	Operator	Version
google:android	google android	le	5.1

References

www.huawei.com/en/psirt/security-advisories/hw-448928

www.securityfocus.com/bid/76052

www.securitytracker.com/id/1033094

www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm

android.googlesource.com/platform/frameworks/av/+/2674a7218eaa3c87f2ee26d26da5b9170e10f859

groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ

Social References

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.267 Low

EPSS

Percentile

96.8%

JSON

Related for CVE-2015-3829

prion1 nvd1 android2 cvelist1 ubuntucve1 checkpoint_advisories1 thn1 huawei1 cert1 androidsecurity1