Lucene search

Androidvulnerabilities.orgANDROID:CVE-2015-3828

HistoryAug 01, 2015 - 12:00 a.m.

CVE-2015-3828

2015-08-0100:00:00

androidvulnerabilities.org

www.androidvulnerabilities.org

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826.

CPENameOperatorVersion
androidlt5.0 and above

CPE	Name	Operator	Version
	android	lt	5.0 and above

References

android.googlesource.com/platform/frameworks/av/+/f4f7e0c102819f039ebb1972b3dba1d3186bc1d1

nvd.nist.gov/vuln/data-feeds

source.android.com/security/bulletin/2015-08-01.html

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for ANDROID:CVE-2015-3828