Lucene search

[email protected]CVE-2015-6602

HistoryOct 02, 2015 - 2:59 a.m.

CVE-2015-6602

2015-10-0202:59:04

CWE-20

[email protected]

web.nvd.nist.gov

android

libutils

remote code execution

mp3

mp4

cve-2015-6602

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.4%

JSON

libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.

Affected configurations

NVD

Node

googleandroidRange≤5.1.1

CPENameOperatorVersion
google:androidgoogle androidle5.1.1

CPE	Name	Operator	Version
google:android	google android	le	5.1.1

References

www.securitytracker.com/id/1033725

blog.zimperium.com/zimperium-zlabs-is-raising-the-volume-new-vulnerability-processing-mp3mp4-media/

support.silentcircle.com/customer/en/portal/articles/2145864-privatos-1-1-12-release-notes

threatpost.com/stagefright-2-0-vulnerabilities-affect-1-billion-android-devices/114863/

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.4%

JSON

Related for CVE-2015-6602

threatpost1 cvelist1 nvd1 debiancve1 prion1 android2 thn1 ubuntucve1 cert1 androidsecurity1