Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2015-1538

Good to know:

icon

Date: September 30, 2015

Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496.

Language: C++

Severity Score

Related Resources (11)

https://nvd.nist.gov/vuln/detail/CVE-2015-1538
https://android.googlesource.com/platform/frameworks/av/+/2434839bbd168469f80dd9a22f1328bc81046398
https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ
http://www.securityfocus.com/bid/76052
https://people.canonical.com/~ubuntu-security/cve/CVE-2015-1538
https://www.exploit-db.com/exploits/38124/
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm
http://www.huawei.com/en/psirt/security-advisories/hw-448928
http://packetstormsecurity.com/files/134131/Libstagefright-Integer-Overflow-Check-Bypass.html
http://www.securitytracker.com/id/1033094
https://www.mend.io/vulnerability-database/CVE-2015-1538

Severity Score

Weakness Type (CWE)

Numeric Errors

CWE-189

Top Fix

icon

Upgrade Version

Upgrade to version android-5.1.1_r5

Learn More

CVSS v3

Base Score:
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL

CVSS v2

Base Score:
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH
Additional information:

Do you need more information?

Contact Us