CVE-2015-3829

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-3829
Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://www.huawei.com/en/psirt/security-advisories/hw-448928
http://www.securityfocus.com/bid/76052
http://www.securitytracker.com/id/1033094
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm
https://android.googlesource.com/platform/frameworks/av/+/2674a7218eaa3c87f2ee26d26da5b9170e10f859 Vendor Advisory
https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/hw-448928
http://www.securityfocus.com/bid/76052
http://www.securitytracker.com/id/1033094
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm
https://android.googlesource.com/platform/frameworks/av/+/2674a7218eaa3c87f2ee26d26da5b9170e10f859 Vendor Advisory
https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
History

21 Nov 2024, 02:29

Type Values Removed Values Added
References () http://www.huawei.com/en/psirt/security-advisories/hw-448928 - () http://www.huawei.com/en/psirt/security-advisories/hw-448928 -
References () http://www.securityfocus.com/bid/76052 - () http://www.securityfocus.com/bid/76052 -
References () http://www.securitytracker.com/id/1033094 - () http://www.securitytracker.com/id/1033094 -
References () http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm - () http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm -
References () https://android.googlesource.com/platform/frameworks/av/+/2674a7218eaa3c87f2ee26d26da5b9170e10f859 - Vendor Advisory () https://android.googlesource.com/platform/frameworks/av/+/2674a7218eaa3c87f2ee26d26da5b9170e10f859 - Vendor Advisory
References () https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ - Vendor Advisory () https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ - Vendor Advisory
Information

Published : 2015-10-01 00:59

Updated : 2024-11-21 02:29

NVD link : CVE-2015-3829

Mitre link : CVE-2015-3829

CVE.ORG link : CVE-2015-3829

JSON object : View

Products Affected

google

  • android
CWE
CWE-189

Numeric Errors


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024