Vulnerabilities > CVE-2015-1474 - Numeric Errors vulnerability in Google Android
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/130778/androidunflatten-overflow.txt |
| id | PACKETSTORM:130778 |
| last seen | 2016-12-05 |
| published | 2015-03-12 |
| reporter | Guang Gong |
| source | https://packetstormsecurity.com/files/130778/Google-Android-Integer-Oveflow-Heap-Corruption.html |
| title | Google Android Integer Oveflow / Heap Corruption |
References
- http://packetstormsecurity.com/files/130778/Google-Android-Integer-Oveflow-Heap-Corruption.html
- http://packetstormsecurity.com/files/130778/Google-Android-Integer-Oveflow-Heap-Corruption.html
- http://seclists.org/fulldisclosure/2015/Mar/63
- http://seclists.org/fulldisclosure/2015/Mar/63
- http://www.securityfocus.com/bid/72788
- http://www.securityfocus.com/bid/72788
- http://www.securitytracker.com/id/1031875
- http://www.securitytracker.com/id/1031875
- https://android.googlesource.com/platform/frameworks/native/+/38803268570f90e97452cd9a30ac831661829091
- https://android.googlesource.com/platform/frameworks/native/+/38803268570f90e97452cd9a30ac831661829091
- https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf
- https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf