CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
51.2%
Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to
execute arbitrary code or cause a denial of service (memory corruption) via
a crafted media file, aka internal bug 20723696.
Author | Note |
---|---|
sbeattie | skia/libskia does garner mentions in the libhybris source memory overwrite when downsampling interlaced gif images |
android.googlesource.com/platform/external/skia/+/55ad31336a6de7037139820558c5de834797c09e%5E!/#F0
groups.google.com/forum/#!topic/android-security-updates/iv1BF0f0XY4
launchpad.net/bugs/cve/CVE-2015-3877
nvd.nist.gov/vuln/detail/CVE-2015-3877
security-tracker.debian.org/tracker/CVE-2015-3877
www.cve.org/CVERecord?id=CVE-2015-3877