CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7917
https://notcve.org/view.php?id=CVE-2014-7917
01 Oct 2015 — Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615. Desbordamiento de entero en SampleTable.cpp en libstagefright en Android en versiones anteriores a 5.0.0, tiene un impacto y vectores de ataque no especificados, también conocida como error interno 15342615. • http://events.linuxfoundation.org/sites/events/files/slides/ABS2015.pdf • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6575
https://notcve.org/view.php?id=CVE-2015-6575
01 Oct 2015 — SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted atoms in MP4 data, aka internal bug 20139950, a different vulnerability than CVE-2015-1538. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7915, CVE-2014-7916, and/or CVE-2014-7917. SampleTable.cpp en libstagefright en Android en versio... • https://android.googlesource.com/platform/frameworks/av/+/cf1581c66c2ad8c5b1aaca2e43e350cf5974f46d • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7916
https://notcve.org/view.php?id=CVE-2014-7916
01 Oct 2015 — Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751. Desbordamiento de entero en SampleTable.cpp en libstagefright en Android en versiones anteriores a 5.0.0, tiene un impacto y vectores de ataque no especificados, también conocida como error interno 15342751. • http://events.linuxfoundation.org/sites/events/files/slides/ABS2015.pdf • CWE-189: Numeric Errors •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2015-3860
https://notcve.org/view.php?id=CVE-2015-3860
01 Oct 2015 — packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to bypass intended access restrictions via a long password that triggers a SystemUI crash, aka internal bug 22214934. packages/Keyguard/res/layout/keyguard_password_view.xml en Lockscreen en Android 5.x en versiones anteriores a 5.1.1 LMY48M no restringe el número de caracteres en el c... • http://sites.utexas.edu/iso/2015/09/15/android-5-lockscreen-bypass • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3861
https://notcve.org/view.php?id=CVE-2015-3861
01 Oct 2015 — Multiple integer overflows in the addVorbisCodecInfo function in matroska/MatroskaExtractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allow remote attackers to cause a denial of service (device inoperability) via crafted Matroska data, aka internal bug 21296336. Múltiples desbordamientos de entero en la función addVorbisCodecInfo en matroska/MatroskaExtractor.cpp en libstagefright en mediaserver en Android en versiones anteriores a 5.1.1 LMY48M permiten a atacantes remotos provocar... • https://android.googlesource.com/platform/frameworks/av/+/304ef91624e12661e7e35c2c0c235da84a73e9c0 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7915
https://notcve.org/view.php?id=CVE-2014-7915
01 Oct 2015 — Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708. Desbordamiento de entero en SampleTable.cpp en libstagefright en Android en versiones anteriores a 5.0.0, tiene un impacto y vectores de ataque no especificados, también conocida como error interno 15328708. • http://events.linuxfoundation.org/sites/events/files/slides/ABS2015.pdf • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3858
https://notcve.org/view.php?id=CVE-2015-3858
01 Oct 2015 — The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation requirement for SMS short-code messaging via a crafted application, aka internal bug 22314646. La función checkDestination en internal/telephony/SMSDispatcher.java en Android en versiones anteriores a 5.1.1 LMY48M confía en un nombre de permiso obsoleto para una comporbación de au... • https://android.googlesource.com/platform/frameworks/opt/telephony/+/df31d37d285dde9911b699837c351aed2320b586 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2015-3826
https://notcve.org/view.php?id=CVE-2015-3826
01 Oct 2015 — The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to cause a denial of service (integer underflow, buffer over-read, and mediaserver process crash) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3828. La función MPEG4Extractor::parse3GPPMetaData en MPEG4Extractor.cpp en libstagefright en And... • http://www.huawei.com/en/psirt/security-advisories/hw-448928 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3835
https://notcve.org/view.php?id=CVE-2015-3835
01 Oct 2015 — Buffer overflow in the OMXNodeInstance::emptyBuffer function in omx/OMXNodeInstance.cpp in libstagefright in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 20634516. Desbordamiento de buffer en la función OMXNodeInstance::emptyBuffer en omx/OMXNodeInstance.cpp en libstagefright en Android en versiones anteriores a 5.1.1 LMY48I permite a atacantes ejecutar código arbitrario a través de una aplicación manipulada, también conocido como error i... • https://android.googlesource.com/platform/frameworks/av/+/086d84f45ab7b64d1a7ed7ac8ba5833664a6a5ab • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3863
https://notcve.org/view.php?id=CVE-2015-3863
01 Oct 2015 — Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert operation, aka internal bug 22802399. Múltiples desbordamientos de entero en la clase Blob en keystore/keystore.cpp en Keystore en Android en versiones anteriores a 5.1.1 LMY48M permiten a atacantes ejecutar código arbitrario y leer claves de Keystore arbitrarias a t... • https://android.googlesource.com/platform/system/security/+/bb9f4392c2f1b11be3acdc1737828274ff1ec55b • CWE-189: Numeric Errors •