Multiple integer underflows in the ESDS::parseESDescriptor function in
ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote
attackers to execute arbitrary code via crafted ESDS atoms, aka internal
bug 20139950, a related issue to CVE-2015-4493.

Notes

Author	Note
jdstrand	please see CVE-2015-1538 for details until more information is public Ubuntu 14.04 is affected but no supported images use it

References

launchpad.net/bugs/cve/CVE-2015-1539

nvd.nist.gov/vuln/detail/CVE-2015-1539

plus.google.com/+CyanogenMod/posts/7iuX21Tz7n8

security-tracker.debian.org/tracker/CVE-2015-1539

www.cve.org/CVERecord?id=CVE-2015-1539

cvelist 5

nvd 5

cve 5

ubuntucve 71

prion 5

android 3

zdt 1

seebug 1

exploitpack 1

packetstorm 1

threatpost 1

exploitdb 1

checkpoint_advisories 2

huawei 1

thn 2

mozilla 1

openvas 18

githubexploit 1

cert 1

androidsecurity 1

debian 1

nessus 19

veracode 9

oraclelinux 1

centos 1

mageia 1

redhat 1

ubuntu 3

freebsd 1

archlinux 1

suse 2

kaspersky 1

ibm 3

securityvulns 1

gentoo 1

cvelist

CVE-2015-1539

2015-10-01 00:00:00

CVE-2015-4493

2015-08-16 01:00:00

CVE-2015-1538

2015-10-01 00:00:00

nvd

CVE-2015-4493

2015-08-16 01:59:21

CVE-2015-1539

2015-10-01 00:59:07

CVE-2015-1538

2015-10-01 00:59:06

cve

CVE-2015-1539

2015-10-01 00:59:07

CVE-2015-4493

2015-08-16 01:59:21

CVE-2015-4496

2015-08-16 01:59:22

ubuntucve

CVE-2015-4493

2015-08-11 00:00:00

CVE-2017-0556

2017-04-07 00:00:00

CVE-2017-0555

2017-04-07 00:00:00

prion

Heap overflow

2015-08-16 01:59:00

Integer overflow

2015-10-01 00:59:00

Integer overflow

2015-10-01 00:59:00

android

CVE-2015-1539

2015-08-01 00:00:00

CVE-2015-1538

2015-08-01 00:00:00

Stagefright

2015-07-21 00:00:00

zdt

Android Stagefright - Remote Code Execution Exploit

2015-09-09 00:00:00

seebug

Android Stagefright Media Playback Engine 远程代码执行漏洞

2015-09-10 00:00:00

exploitpack

Google Android - Stagefright Remote Code Execution

2015-09-09 00:00:00

packetstorm

Android Stagefright Remote Code Execution

2015-09-10 00:00:00

threatpost

Android Stagefright Exploit Code Released to Public

2015-09-09 12:06:08

exploitdb

Google Android - 'Stagefright' Remote Code Execution

2015-09-09 00:00:00

checkpoint_advisories

Google Android Stagefright MP4 Multiple Atoms Integer Underflow (CVE-2015-1539; CVE-2015-3827)

2015-08-12 00:00:00

Google Android Stagefright MP4 Multiple Atoms Integer Overflow (CVE-2015-1538; CVE-2015-3824; CVE-2015-3829; CVE-2015-3864)

2015-08-12 00:00:00

huawei

Security Advisory - Stagefright Vulnerability in Multiple Huawei Android Products

2015-08-09 00:00:00

thn

Android Stagefright Exploit Code Released

2015-09-11 02:11:00

THN Weekly Roundup — 15 Most Popular Cyber Security and Hacking News Stories

2015-09-14 10:34:00

mozilla

Overflow issues in libstagefright — Mozilla

2015-08-11 00:00:00

openvas

Mozilla Firefox Security Advisory (MFSA2015-83) - Linux

2021-11-11 00:00:00

Debian Security Advisory DSA 3333-1 (iceweasel - security update)

2015-08-12 00:00:00

Debian: Security Advisory (DSA-3333-1)

2015-08-11 00:00:00

githubexploit

Exploit for CVE-2015-1538

2020-05-12 17:59:48

cert

Android Stagefright contains multiple vulnerabilities

2015-07-28 00:00:00

androidsecurity

Nexus Security Bulletin—August 2015

2015-08-13 00:00:00

debian

[SECURITY] [DSA 3333-1] iceweasel security update

2015-08-12 10:24:11

nessus

Debian DSA-3333-1 : iceweasel - security update

2015-08-13 00:00:00

Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1586)

2015-08-12 00:00:00

RHEL 5 / 6 / 7 : firefox (RHSA-2015:1586)

2015-08-12 00:00:00

veracode

Arbitrary Code Execution

2019-05-02 05:41:47

Arbitrary Code Execution

2019-05-02 05:41:49

Arbitrary Code Execution

2019-05-02 05:41:47

oraclelinux

firefox security update

2015-08-11 00:00:00

centos

firefox security update

2015-08-11 20:36:44

mageia

Updated firefox packages fixes security vulnerabilities

2015-08-11 23:22:53

redhat

(RHSA-2015:1586) Critical: firefox security update

2015-08-11 00:00:00

ubuntu

Firefox vulnerabilities

2015-08-11 00:00:00

Firefox regression

2015-08-20 00:00:00

Ubufox update

2015-08-11 00:00:00

freebsd

mozilla -- multiple vulnerabilities

2015-08-11 00:00:00

archlinux

firefox: multiple issues

2015-08-12 00:00:00

suse

Security update for MozillaFirefox (important)

2015-08-14 19:10:03

Security update for MozillaFirefox (important)

2015-08-14 19:09:37

kaspersky

KLA10643 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

2015-08-11 00:00:00

ibm

Security Bulletin: Multiple vulnerabilities in Firefox affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

2018-06-17 22:30:13

Security Bulletin: Mozilla Firefox vulnerability issues in IBM SONAS

2018-06-18 00:09:55

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox in IBM Storwize V7000 Unified

2018-06-18 00:09:54

securityvulns

Mozilla Firefox / Thunderbird / Seamonkey / Firefox OS multiple security vulnerabilities

2015-08-31 00:00:00

gentoo

Mozilla Products: Multiple vulnerabilities

2016-05-31 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.954 High

EPSS

Percentile

99.4%

JSON

Related for UB:CVE-2015-1539