Vulnerabilities > CVE-2015-1538 - Numeric Errors vulnerability in Google Android

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

google

CWE-189

exploit available

NVD

Published: 2015-10-01

Updated: 2017-09-21

Summary

Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496.

Vulnerable Configurations

Part	Description	Count
OS	Google Google Android - Google Android 1.0 Google Android 1.1 Google Android 1.5 Google Android 1.6 Google Android 2.0 Google Android 2.0.1 Google Android 2.0.3 Google Android 2.1 Google Android 2.2 Google Android 2.2.1 Google Android 2.2.2 Google Android 2.2.3 Google Android 2.3 Google Android 2.3.1 Google Android 2.3.2 Google Android 2.3.3 Google Android 2.3.4 Google Android 2.3.5 Google Android 2.3.6 Google Android 2.3.7 Google Android 3.0 Google Android 3.1 Google Android 3.2 Google Android 3.2.1 Google Android 3.2.2 Google Android 3.2.4 Google Android 3.2.6 Google Android 4.0 Google Android 4.0.1 Google Android 4.0.2 Google Android 4.0.3 Google Android 4.0.4 Google Android 4.1 Google Android 4.1.1 Google Android 4.1.2 Google Android 4.2 Google Android 4.2.1 Google Android 4.2.2 Google Android 4.3 Google Android 4.3.1 Google Android 4.4 Google Android 4.4.1 Google Android 4.4.2 Google Android 4.4.3 Google Android 4.4.4 Google Android 5.0 Google Android 5.0.1 Google Android 5.0.2	51

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Exploit-Db

description	Android Stagefright - Remote Code Execution. CVE-2015-1538. Remote exploit for android platform
file	exploits/android/remote/38124.py
id	EDB-ID:38124
last seen	2016-02-04
modified	2015-09-09
platform	android
port
published	2015-09-09
reporter	Joshua J. Drake
source	https://www.exploit-db.com/download/38124/
title	Android Stagefright - Remote Code Execution
type	remote

Packetstorm

data source	https://packetstormsecurity.com/files/download/133521/androidstagefright-exec.txt
id	PACKETSTORM:133521
last seen	2016-12-05
published	2015-09-10
reporter	jduck
source	https://packetstormsecurity.com/files/133521/Android-Stagefright-Remote-Code-Execution.html
title	Android Stagefright Remote Code Execution

Seebug

bulletinFamily	exploit
description	No description provided by source.
id	SSV:89388
last seen	2017-11-19
modified	2015-09-10
published	2015-09-10
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-89388
title	Android Stagefright Media Playback Engine 远程代码执行漏洞

The Hacker News

id	THN:75E875328988E7A8477652A8F3892840
last seen	2018-01-27
modified	2015-09-14
published	2015-09-14
reporter	Mohit Kumar
source	https://thehackernews.com/2015/09/hackernews-popular-updates.html
title	THN Weekly Roundup — 15 Most Popular Cyber Security and Hacking News Stories

id	THN:6EF19BF277B793F5A36108AF7A72F0D4
last seen	2018-01-27
modified	2015-09-11
published	2015-09-11
reporter	Khyati Jain
source	https://thehackernews.com/2015/09/stagefright-android-exploit-code.html
title	Android Stagefright Exploit Code Released

Vulnerabilities > CVE-2015-1538 - Numeric Errors vulnerability in Google Android

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Packetstorm

Seebug

The Hacker News

Related news

References