10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.954 High
EPSS
Percentile
99.4%
Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in
Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary
code via invalid size values of NAL units in MP4 data, aka internal bug
19641538.
Author | Note |
---|---|
jdstrand | as with previous stagefright issues, this issue affects Ubuntuβs android packages, but not in a way that is exposed to apps. See CVE-2015-1538 for details |
android.googlesource.com/platform/frameworks/av/+/d48f0f145f8f0f4472bc0af668ac9a8bce44ba9b
groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ
launchpad.net/bugs/cve/CVE-2015-3832
nvd.nist.gov/vuln/detail/CVE-2015-3832
security-tracker.debian.org/tracker/CVE-2015-3832
www.cve.org/CVERecord?id=CVE-2015-3832