Oct 01, 2015 - 12:59 a.m.

CVE-2015-3836

2015-10-01 00:59:20
CWE-189
web.nvd.nist.gov
cve-2015-3836
android
sonivox
dls-to-eas converter
remote code execution
denial of service
buffer overflow
xmf data
security vulnerability

CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score: 8 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 55.3%)

The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF data, aka internal bug 21132860.

Affected configurations

NVD
Node: google android, Range ≤ 5.1

CPE             Name            Operator  Version
google:android  google android  le        5.1
