Multiple integer overflows in the addVorbisCodecInfo function in
matroska/MatroskaExtractor.cpp in libstagefright in mediaserver in Android
before 5.1.1 LMY48M allow remote attackers to cause a denial of service
(device inoperability) via crafted Matroska data, aka internal bug
21296336.
Author | Note |
---|---|
jdstrand | as with previous stagefright issues, this issue affects Ubuntu’s android packages, but not in a way that is exposed to apps. See CVE-2015-1538 for details |
android.googlesource.com/platform/frameworks/av/+/304ef91624e12661e7e35c2c0c235da84a73e9c0
groups.google.com/forum/message/raw?msg=android-security-updates/1M7qbSvACjo/Y7jewiW1AwAJ
launchpad.net/bugs/cve/CVE-2015-3861
nvd.nist.gov/vuln/detail/CVE-2015-3861
security-tracker.debian.org/tracker/CVE-2015-3861
www.cve.org/CVERecord?id=CVE-2015-3861