CVE-2015-1539

2015-09-30 01:00:00 2017-09-21 03:29:03

Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Google Android 5.1 (not an official CPE)

Google - Android

Advisory	Patch	Confirmed	Link
			https://android.googlesource.com/platform/frameworks/av/...
			http://www1.huawei.com/en/security/psirt/security-bullet...
			1033094
			http://www.huawei.com/en/psirt/security-advisories/hw-44...
			76052
			[android-security-updates] 20150812 Nexus Security Bulle...

Numeric Errors (ID 189)

Related CVE(s) 1 CVE-2015-4493 CVSS 9.3