Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496.

CPENameOperatorVersion
androidle5.1

CPE	Name	Operator	Version
	android	le	5.1

References

android.googlesource.com/platform/frameworks/av/+/2434839bbd168469f80dd9a22f1328bc81046398

android.googlesource.com/platform/frameworks/av/+/cf1581c66c2ad8c5b1aaca2e43e350cf5974f46d

nvd.nist.gov/vuln/data-feeds

source.android.com/security/bulletin/2015-08-01.html

ubuntucve 71

prion 3

cve 3

openvas 4

mozilla 1

seebug 1

zdt 1

packetstorm 1

exploitpack 1

threatpost 1

exploitdb 1

thn 2

githubexploit 1

checkpoint_advisories 1

veracode 1

nessus 8

redhat 1

centos 1

android 1

huawei 1

cert 1

kaspersky 1

freebsd 1

androidsecurity 1

securityvulns 1

mageia 1

ubuntucve

CVE-2015-1538

2015-10-01 00:00:00

CVE-2015-4496

2015-08-16 00:00:00

CVE-2017-0556

2017-04-07 00:00:00

prion

Integer overflow

2015-10-01 00:59:00

Integer overflow

2015-08-16 01:59:00

Integer overflow

2015-10-01 00:59:00

cve

CVE-2015-1538

2015-10-01 00:59:00

CVE-2015-4496

2015-08-16 01:59:00

CVE-2015-6575

2015-10-01 00:59:00

openvas

Mozilla Firefox Security Advisory (MFSA2015-93) - Linux

2021-11-11 00:00:00

Mozilla Firefox Multiple Vulnerabilities-01 (May 2015) - Mac OS X

2015-05-21 00:00:00

Mozilla Firefox Multiple Vulnerabilities-01 (May 2015) - Windows

2015-05-21 00:00:00

mozilla

Integer overflows in libstagefright while processing MP4 video metadata — Mozilla

2015-08-12 00:00:00

seebug

Android Stagefright Media Playback Engine 远程代码执行漏洞

2015-09-10 00:00:00

zdt

Android Stagefright - Remote Code Execution Exploit

2015-09-09 00:00:00

packetstorm

Android Stagefright Remote Code Execution

2015-09-10 00:00:00

exploitpack

Google Android - Stagefright Remote Code Execution

2015-09-09 00:00:00

threatpost

Android Stagefright Exploit Code Released to Public

2015-09-09 12:06:08

exploitdb

Google Android - 'Stagefright' Remote Code Execution

2015-09-09 00:00:00

thn

THN Weekly Roundup — 15 Most Popular Cyber Security and Hacking News Stories

2015-09-14 10:34:00

Android Stagefright Exploit Code Released

2015-09-11 02:11:00

githubexploit

Exploit for CVE-2015-1538

2020-05-12 17:59:48

checkpoint_advisories

Google Android Stagefright MP4 Multiple Atoms Integer Overflow (CVE-2015-1538; CVE-2015-3824; CVE-2015-3829; CVE-2015-3864)

2015-08-12 00:00:00

veracode

Arbitrary Code Execution

2019-05-02 05:39:10

nessus

RHEL 5 / 6 / 7 : firefox (RHSA-2015:0988)

2015-05-13 00:00:00

CentOS 5 / 6 / 7 : firefox (CESA-2015:0988)

2015-05-13 00:00:00

Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-0988)

2015-05-13 00:00:00

redhat

(RHSA-2015:0988) Critical: firefox security update

2015-05-12 00:00:00

centos

firefox security update

2015-05-13 00:01:13

android

Stagefright

2015-07-21 00:00:00

huawei

Security Advisory - Stagefright Vulnerability in Multiple Huawei Android Products

2015-08-09 00:00:00

cert

Android Stagefright contains multiple vulnerabilities

2015-07-28 00:00:00

kaspersky

KLA10584 Multiple vulnerabilities in Mozilla products

2015-05-12 00:00:00

freebsd

mozilla -- multiple vulnerabilities

2015-05-12 00:00:00

androidsecurity

Nexus Security Bulletin—August 2015

2015-08-13 00:00:00

securityvulns

Mozilla Firefox / Thunderbird / Seamonkey / Firefox OS multiple security vulnerabilities

2015-08-31 00:00:00

mageia

Updated iceape packages fix security vulnerabilities

2015-09-08 10:20:40

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for ANDROID:CVE-2015-1538