CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.4%
Off-by-one error in the MPEG4Extractor::parseChunk function in
MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows
remote attackers to execute arbitrary code or cause a denial of service
(integer overflow and memory corruption) via crafted MPEG-4 covr atoms with
a size equal to SIZE_MAX, aka internal bug 20923261.
Author | Note |
---|---|
jdstrand | please see CVE-2015-1538 for details until more information is public Ubuntu 14.04 is affected but no supported images use it |