Lucene search

Ubuntu.comUB:CVE-2015-3877

HistoryOct 06, 2015 - 12:00 a.m.

CVE-2015-3877

2015-10-0600:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

51.2%

JSON

Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to
execute arbitrary code or cause a denial of service (memory corruption) via
a crafted media file, aka internal bug 20723696.

Notes

Author	Note
sbeattie	skia/libskia does garner mentions in the libhybris source memory overwrite when downsampling interlaced gif images

References

android.googlesource.com/platform/external/skia/+/55ad31336a6de7037139820558c5de834797c09e%5E!/#F0

groups.google.com/forum/#!topic/android-security-updates/iv1BF0f0XY4

launchpad.net/bugs/cve/CVE-2015-3877

nvd.nist.gov/vuln/detail/CVE-2015-3877

security-tracker.debian.org/tracker/CVE-2015-3877

www.cve.org/CVERecord?id=CVE-2015-3877

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

51.2%

JSON

Related for UB:CVE-2015-3877