Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2015-3827

Good to know:

icon

Date: September 30, 2015

The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted MPEG-4 covr atoms, aka internal bug 20923261.

Language: C++

Severity Score

Related Resources (9)

https://nvd.nist.gov/vuln/detail/CVE-2015-3827
https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ
http://www.securityfocus.com/bid/76052
https://android.googlesource.com/platform/frameworks/av/+/f4a88c8ed4f8186b3d6e2852993e063fc33ff231
https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3827
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm
http://www.huawei.com/en/psirt/security-advisories/hw-448928
http://www.securitytracker.com/id/1033094
https://www.mend.io/vulnerability-database/CVE-2015-3827

Severity Score

Weakness Type (CWE)

Buffer Errors

CWE-119

Numeric Errors

CWE-189

Top Fix

icon

Upgrade Version

Upgrade to version android-5.1.1_r9

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us