Home > Vulnerability Database > CVE-2015-3827

Mend.io Vulnerability Database

CVE-2015-3827

Good to know:

Date: September 30, 2015

The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted MPEG-4 covr atoms, aka internal bug 20923261.

Language: C++

Severity Score

5.0

Related Resources (9)

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-3827

Url: https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ

Url: http://www.securityfocus.com/bid/76052

Url: https://android.googlesource.com/platform/frameworks/av/+/f4a88c8ed4f8186b3d6e2852993e063fc33ff231

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3827

Url: http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm

Url: http://www.huawei.com/en/psirt/security-advisories/hw-448928

Url: http://www.securitytracker.com/id/1033094

Url: https://www.mend.io/vulnerability-database/CVE-2015-3827

Severity Score

5.0

Weakness Type (CWE)

Buffer Errors

CWE-119

Numeric Errors

CWE-189

Top Fix

Upgrade Version

Upgrade to version android-5.1.1_r9

Learn More

CVSS v3

Base Score:	5.0
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	7.8
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-3827

Good to know:

Date: September 30, 2015

Language: C++

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?