Vulnerabilities > CVE-2015-1539 - Numeric Errors vulnerability in Google Android
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
The Hacker News
id | THN:6EF19BF277B793F5A36108AF7A72F0D4 |
last seen | 2018-01-27 |
modified | 2015-09-11 |
published | 2015-09-11 |
reporter | Khyati Jain |
source | https://thehackernews.com/2015/09/stagefright-android-exploit-code.html |
title | Android Stagefright Exploit Code Released |
References
- http://www.huawei.com/en/psirt/security-advisories/hw-448928
- http://www.securityfocus.com/bid/76052
- http://www.securitytracker.com/id/1033094
- http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm
- https://android.googlesource.com/platform/frameworks/av/+/5e751957ba692658b7f67eb03ae5ddb2cd3d970c
- https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ