Lucene search

[email protected]CVE-2015-6575

HistoryOct 01, 2015 - 12:59 a.m.

CVE-2015-6575

2015-10-0100:59:32

CWE-189

[email protected]

web.nvd.nist.gov

android

libstagefright

cve-2015-6575

remote code execution

integer overflow

memory corruption

mp4

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9 High

AI Score

Confidence

High

0.954 High

EPSS

Percentile

99.4%

JSON

SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted atoms in MP4 data, aka internal bug 20139950, a different vulnerability than CVE-2015-1538. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7915, CVE-2014-7916, and/or CVE-2014-7917.

Affected configurations

NVD

Node

googleandroidRange≤5.1

CPENameOperatorVersion
google:androidgoogle androidle5.1

CPE	Name	Operator	Version
google:android	google android	le	5.1

References

android.googlesource.com/platform/frameworks/av/+/cf1581c66c2ad8c5b1aaca2e43e350cf5974f46d

groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9 High

AI Score

Confidence

High

0.954 High

EPSS

Percentile

99.4%

JSON

Related for CVE-2015-6575

ubuntucve71 nvd6 prion6 cvelist6 cve5 symantec1 exploitpack1 seebug1 zdt1 threatpost1 packetstorm1 exploitdb1 android2 thn2 githubexploit1 checkpoint_advisories1 huawei1 cert1 androidsecurity1