CVSS: 9.3EPSS: 3%CPEs: 1EXPL: 0CVE-2015-3876
https://notcve.org/view.php?id=CVE-2015-3876
02 Oct 2015 — libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file. libstagefright en Android hasta la versión 5.1.1 LMY48M permite a atacantes remotos ejecutar código arbitario a través de metadatos manipulados en un archivo (1) MP3 o (2) MP4. • http://twitter.com/4Dgifts/statuses/649589185792339968 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3836
https://notcve.org/view.php?id=CVE-2015-3836
01 Oct 2015 — The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF data, aka internal bug 21132860. La función Parse_wave en arm-wt-22k/lib_src/eas_mdls.c en el convertidor Sonivox DLS-to-EAS en Android en versiones anteriores a 5.1.1 LMY48I no rechaza un valor negativo para u... • https://android.googlesource.com/platform/external/sonivox/+/e999f077f6ef59d20282f1e04786816a31fb8be6 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1541
https://notcve.org/view.php?id=CVE-2015-1541
01 Oct 2015 — The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745. La implementación de AppWidgetServiceImpl en com/android/server/appwidget/AppWidgetSe... • https://android.googlesource.com/platform/frameworks/base/+/0b98d304c467184602b4c6bce76fda0b0274bc07 • CWE-284: Improper Access Control •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3843
https://notcve.org/view.php?id=CVE-2015-3843
01 Oct 2015 — The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to com/android/internal/telephony/cat/AppInterface.java, aka internal bug 21697171. El framework SIM Toolkit (STK) en Android en versiones anteriores a 5.1.1 LMY48I permite a atacantes (1) interceptar o (2) emular comandos Telephony STK SIM no especificados a través de una aplicación que envía un Intent ... • https://android.googlesource.com/platform/frameworks/base/+/a5e904e7eb3aaec532de83ca52e24af18e0496b4 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 2CVE-2015-1528
https://notcve.org/view.php?id=CVE-2015-1528
01 Oct 2015 — Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory corruption) via a crafted application, aka internal bug 19334482. Desbordamiento de entero en la función native_handle_create en libcutils/native_handle.c en Android en versiones anteriores a 5.1.1 LMY48M, permite a atacantes obtener privilegios de una aplicación diferente o provocar ... • https://github.com/secmob/PoCForCVE-2015-1528 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 18%CPEs: 1EXPL: 0CVE-2015-3824
https://notcve.org/view.php?id=CVE-2015-3824
01 Oct 2015 — The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via a crafted MPEG-4 tx3g atom, aka internal bug 20923261. La función MPEG4Extractor::parseChunk en MPEG4Extractor.cpp en libstagefright en Android en versiones anteriores a 5.1.1 LMY48I no restringe adecuadamente el tamaño de la sum... • http://www.huawei.com/en/psirt/security-advisories/hw-448928 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3844
https://notcve.org/view.php?id=CVE-2015-3844
01 Oct 2015 — The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted application, as demonstrated by interfering with use of the Settings application, aka internal bug 21669445. El método getProcessRecordLocked en services/core/java/com/android/server/am/ActivityManagerService.java en ActivityManager en Android en versiones anteriores a 5.1.1 LMY48I permi... • https://android.googlesource.com/platform/frameworks/base/+/e3cde784e3d99966f313fe00dcecf191f6a44a31 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 26%CPEs: 1EXPL: 0CVE-2015-3829
https://notcve.org/view.php?id=CVE-2015-3829
01 Oct 2015 — Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261. Error por un paso en la función MPEG4Extractor::parseChunk en MPEG4Extractor.cpp en libstagefright en Android en versiones anteriores a 5.1.1 LMY48I, permite a atacantes rem... • http://www.huawei.com/en/psirt/security-advisories/hw-448928 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 24%CPEs: 1EXPL: 0CVE-2015-3828
https://notcve.org/view.php?id=CVE-2015-3828
01 Oct 2015 — The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826. La función MPEG4Extractor::parse3GPPMetaData en MPEG4Extractor.cpp en libstagefright en Andr... • http://www.huawei.com/en/psirt/security-advisories/hw-448928 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3834
https://notcve.org/view.php?id=CVE-2015-3834
01 Oct 2015 — Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application that uses HDCP encryption, leading to a heap-based buffer overflow, aka internal bug 20222489. Múltiples desbordamientos de entero en la función BnHDCP::onTransact en media/libmedia/IHDCP.cpp en libstagefright en Android en versiones anteriores a 5.1.1 LMY48I permiten a atacantes remotos ejecutar código ... • https://android.googlesource.com/platform/frameworks/av/+/c82e31a7039a03dca7b37c65b7890ba5c1e18ced • CWE-189: Numeric Errors •