10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.954 High
EPSS
Percentile
99.4%
Multiple integer underflows in the ESDS::parseESDescriptor function in
ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote
attackers to execute arbitrary code via crafted ESDS atoms, aka internal
bug 20139950, a related issue to CVE-2015-4493.
Author | Note |
---|---|
jdstrand | please see CVE-2015-1538 for details until more information is public Ubuntu 14.04 is affected but no supported images use it |