Android Buffer Overflow Vulnerability (CNVD-2015-06605)

Android is an operating system based on the Linux open kernel, announced on November 5, 2007 by Google Inc. for cell phones. A buffer overflow vulnerability exists in LMY48I, a version of Android prior to 5.1.1. Allowing an attacker to execute arbitrary code via a crafted application...

Android Denial of Service Vulnerability

Android is an operating system based on the Linux open kernel, announced on November 5, 2007 by Google Inc. for cell phones. A denial of service vulnerability exists in Android versions prior to 5.1.1, LMY48I. Allows remote attackers to execute arbitrary code or cause a denial of service via...

CVE-2015-1539

Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493...

Buffer overflow

Buffer overflow in the OMXNodeInstance::emptyBuffer function in omx/OMXNodeInstance.cpp in libstagefright in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 20634516...

Buffer overflow

The Parsewave function in arm-wt-22k/libsrc/easmdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow via crafted XMF...

CVE-2015-3834

Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application that uses HDCP encryption, leading to a heap-based buffer overflow, aka internal bug...

CVE-2015-3828

The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark BOM, which allows remote attackers to execute arbitrary code or cause a denial of service integer...

CVE-2015-1538

CVE-2015-1538 affects libstagefright (Android) via an integer overflow in the SampleTable::setSampleToChunkParams handling of MP4 atoms. The issue occurs in libstagefright before Android 5.1.1 LMY48I and can enable remote code execution through crafted MP4 data. The documented impact is remote co...

CVE-2015-3834

Technical details about CVE-2015-3834 are not publicly available in the provided connected documents. The initial entry describes the vulnerability but lacks corroborating specifics in the connected sources. Monitor for updates and new disclosures.

CVE-2015-1539

Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493...