The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.
References
Link | Resource |
---|---|
https://alephsecurity.com/vulns/aleph-2015003 | Third Party Advisory |
https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf | Technical Description Third Party Advisory |
Configurations
History
No history.
Information
Published : 2018-03-29 18:29
Updated : 2024-02-28 16:25
NVD link : CVE-2015-2002
Mitre link : CVE-2015-2002
CVE.ORG link : CVE-2015-2002
JSON object : View
Products Affected
esri
- arcgisruntime_sdk
CWE
CWE-118
Incorrect Access of Indexable Resource ('Range Error')