CVSS: 10.0EPSS: 18%CPEs: 1EXPL: 0CVE-2015-6575
https://notcve.org/view.php?id=CVE-2015-6575
01 Oct 2015 — SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted atoms in MP4 data, aka internal bug 20139950, a different vulnerability than CVE-2015-1538. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7915, CVE-2014-7916, and/or CVE-2014-7917. SampleTable.cpp en libstagefright en Android en versio... • https://android.googlesource.com/platform/frameworks/av/+/cf1581c66c2ad8c5b1aaca2e43e350cf5974f46d • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 17%CPEs: 1EXPL: 2CVE-2015-1528
https://notcve.org/view.php?id=CVE-2015-1528
01 Oct 2015 — Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory corruption) via a crafted application, aka internal bug 19334482. Desbordamiento de entero en la función native_handle_create en libcutils/native_handle.c en Android en versiones anteriores a 5.1.1 LMY48M, permite a atacantes obtener privilegios de una aplicación diferente o provocar ... • https://github.com/secmob/PoCForCVE-2015-1528 • CWE-189: Numeric Errors •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1536
https://notcve.org/view.php?id=CVE-2015-1536
01 Oct 2015 — Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or obtain sensitive system_server memory-content information via a crafted application that leverages improper unmarshalling of bitmaps, aka internal bug 19666945. Desbordamiento de entero en la función Bitmap_createFromParcel en core/jni/Android/graphics/Bitmap.cpp en Android en versiones anteriores a 5.1.1 LMY48I... • https://android.googlesource.com/platform/frameworks/base/+/d44e5bde18a41beda39d49189bef7f2ba7c8f3cb • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 12%CPEs: 1EXPL: 0CVE-2015-1539
https://notcve.org/view.php?id=CVE-2015-1539
01 Oct 2015 — Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493. Desbordamientos de entero múltiple en la función ESDS::parseESDescriptor en ESDS.cpp en libstagefright en Android en versiones anteriores a 5.1.1 LMY48I, permite a atacantes remotos ejecutar código arbitrario a través de atoms ESDS manipulados, tamb... • http://www.huawei.com/en/psirt/security-advisories/hw-448928 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1541
https://notcve.org/view.php?id=CVE-2015-1541
01 Oct 2015 — The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745. La implementación de AppWidgetServiceImpl en com/android/server/appwidget/AppWidgetSe... • https://android.googlesource.com/platform/frameworks/base/+/0b98d304c467184602b4c6bce76fda0b0274bc07 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 12%CPEs: 1EXPL: 0CVE-2015-3824
https://notcve.org/view.php?id=CVE-2015-3824
01 Oct 2015 — The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via a crafted MPEG-4 tx3g atom, aka internal bug 20923261. La función MPEG4Extractor::parseChunk en MPEG4Extractor.cpp en libstagefright en Android en versiones anteriores a 5.1.1 LMY48I no restringe adecuadamente el tamaño de la sum... • http://www.huawei.com/en/psirt/security-advisories/hw-448928 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-3826
https://notcve.org/view.php?id=CVE-2015-3826
01 Oct 2015 — The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to cause a denial of service (integer underflow, buffer over-read, and mediaserver process crash) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3828. La función MPEG4Extractor::parse3GPPMetaData en MPEG4Extractor.cpp en libstagefright en And... • http://www.huawei.com/en/psirt/security-advisories/hw-448928 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 7%CPEs: 1EXPL: 0CVE-2015-3827
https://notcve.org/view.php?id=CVE-2015-3827
01 Oct 2015 — The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted MPEG-4 covr atoms, aka internal bug 20923261. La función MPEG4Extractor::parseChunk en MPEG4Extractor.cpp en libstagefright en Android en versiones anteriores a 5.1.1 LMY48I no valida la rela... • http://www.huawei.com/en/psirt/security-advisories/hw-448928 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 17%CPEs: 1EXPL: 0CVE-2015-3828
https://notcve.org/view.php?id=CVE-2015-3828
01 Oct 2015 — The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826. La función MPEG4Extractor::parse3GPPMetaData en MPEG4Extractor.cpp en libstagefright en Andr... • http://www.huawei.com/en/psirt/security-advisories/hw-448928 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 17%CPEs: 1EXPL: 0CVE-2015-3829
https://notcve.org/view.php?id=CVE-2015-3829
01 Oct 2015 — Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261. Error por un paso en la función MPEG4Extractor::parseChunk en MPEG4Extractor.cpp en libstagefright en Android en versiones anteriores a 5.1.1 LMY48I, permite a atacantes rem... • http://www.huawei.com/en/psirt/security-advisories/hw-448928 • CWE-189: Numeric Errors •