CVE-2015-1538

2015-09-30 01:00:00 2017-09-21 03:29:02

Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Google Android 5.1 (not an official CPE)

Google - Android

Advisory	Patch	Confirmed	Link
			[android-security-updates] 20150812 Nexus Security Bulle...
			https://android.googlesource.com/platform/frameworks/av/...
			1033094
			http://www1.huawei.com/en/security/psirt/security-bullet...
			76052
			http://www.huawei.com/en/psirt/security-advisories/hw-44...
			http://packetstormsecurity.com/files/134131/Libstagefrig...
			38124

Numeric Errors (ID 189)

Related CVE(s) 1 CVE-2015-4496 CVSS 9.3