Lucene search

[email protected]CVE-2015-8506

HistoryDec 08, 2015 - 11:59 p.m.

CVE-2015-8506

2015-12-0823:59:20

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-8506

android

mediaserver

remote code execution

denial of service

memory corruption

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.6%

JSON

mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24441553, a different vulnerability than CVE-2015-6616, CVE-2015-8505, and CVE-2015-8507.

Affected configurations

NVD

Node

googleandroidRange5.0–5.1.1

googleandroidMatch6.0

CPENameOperatorVersion
google:androidgoogle androidlt5.1.1
google:androidgoogle androideq6.0

CPE	Name	Operator	Version
google:android	google android	lt	5.1.1
google:android	google android	eq	6.0

References

source.android.com/security/bulletin/2015-12-01.html

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.6%

JSON

Related for CVE-2015-8506

cvelist4 nvd4 cve3 prion4 android1 ubuntucve4 threatpost1 androidsecurity1