Vulnerabilities > CVE-2015-3827 - Numeric Errors vulnerability in Google Android

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
google
CWE-189
NVD
Published: 2015-10-01
Updated: 2024-11-21

Summary

The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted MPEG-4 covr atoms, aka internal bug 20923261.

Vulnerable Configurations

Part Description Count
OS
Google
52

Common Weakness Enumeration (CWE)

The Hacker News

idTHN:6EF19BF277B793F5A36108AF7A72F0D4
last seen2018-01-27
modified2015-09-11
published2015-09-11
reporterKhyati Jain
sourcehttps://thehackernews.com/2015/09/stagefright-android-exploit-code.html
titleAndroid Stagefright Exploit Code Released

References