Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2015-1538

Good to know:

icon

Date: September 30, 2015

Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496.

Language: C++

Severity Score

Related Resources (11)

https://nvd.nist.gov/vuln/detail/CVE-2015-1538
https://android.googlesource.com/platform/frameworks/av/+/2434839bbd168469f80dd9a22f1328bc81046398
https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ
http://www.securityfocus.com/bid/76052
https://people.canonical.com/~ubuntu-security/cve/CVE-2015-1538
https://www.exploit-db.com/exploits/38124/
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm
http://www.huawei.com/en/psirt/security-advisories/hw-448928
http://packetstormsecurity.com/files/134131/Libstagefright-Integer-Overflow-Check-Bypass.html
http://www.securitytracker.com/id/1033094
https://www.mend.io/vulnerability-database/CVE-2015-1538

Severity Score

Weakness Type (CWE)

Numeric Errors

CWE-189

Top Fix

icon

Upgrade Version

Upgrade to version android-5.1.1_r5

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us