Lucene search

[email protected]CVE-2015-7897

HistoryNov 16, 2015 - 7:59 p.m.

CVE-2015-7897

2015-11-1619:59:06

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-7897

android

samsung galaxy s6 edge

media scanning

memory corruption

denial of service

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.076 Low

EPSS

Percentile

94.2%

JSON

The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file.

Affected configurations

NVD

Node

samsunggalaxy_s6Match-

CPENameOperatorVersion
samsung:galaxy_s6samsung galaxy s6eq-

CPE	Name	Operator	Version
samsung:galaxy_s6	samsung galaxy s6	eq	-

References

googleprojectzero.blogspot.com/2015/11/hack-galaxy-hunting-bugs-in-samsung.html

packetstormsecurity.com/files/134199/Samsung-Galaxy-S6-Android.media.process-Face-Recognition-Memory-Corruption.html

code.google.com/p/google-security-research/issues/detail?id=499&q=samsung

www.exploit-db.com/exploits/38611/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.076 Low

EPSS

Percentile

94.2%

JSON

Related for CVE-2015-7897

prion1 nvd1 cvelist1 googleprojectzero1