Lucene search

[email protected]CVE-2015-1474

HistoryFeb 16, 2015 - 12:59 a.m.

CVE-2015-1474

2015-02-1600:59:06

CWE-189

[email protected]

web.nvd.nist.gov

cve-2015-1474

android

integer overflow

memory corruption

denial of service

nvd

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.9%

JSON

Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values.

Affected configurations

NVD

Node

googleandroidRange≤5.0

CPENameOperatorVersion
google:androidgoogle androidle5.0

CPE	Name	Operator	Version
google:android	google android	le	5.0

References

packetstormsecurity.com/files/130778/Google-Android-Integer-Oveflow-Heap-Corruption.html

seclists.org/fulldisclosure/2015/Mar/63

www.securityfocus.com/bid/72788

www.securitytracker.com/id/1031875

android.googlesource.com/platform/frameworks/native/+/38803268570f90e97452cd9a30ac831661829091

www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf

Social References

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.9%

JSON

Related for CVE-2015-1474

prion1 cvelist1 nvd1 packetstorm1 nessus1