CVE-2015-3864
Google Android - libstagefright Integer Overflow Remote Code Execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
6Exploited in Wild
-Decision
Descriptions
Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824.
Desbordamiento de entero inferior en la función MPEG4Extractor::parseChunk en MPEG4Extractor.cpp en libstagefright en mediaserver en Android en versiones anteriores a 5.1.1 LMY48M permite a atacantes remotos ejecutar código arbitrario a través de datos MPEG-4 manipulados, también conocido como error interno 23034759. NOTA: esta vulnerabilidad existe debido a una solución incompleta para la CVE-2015-3824.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-05-12 CVE Reserved
- 2015-10-01 CVE Published
- 2016-03-30 First Exploit
- 2024-08-06 CVE Updated
- 2024-10-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-189: Numeric Errors
CAPEC
References (11)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/76682 | Vdb Entry | |
https://blog.zimperium.com/cve-2015-3864-metasploit-module-now-available-for-testing | Release Notes | |
https://blog.zimperium.com/reflecting-on-stagefright-patches | X_refsource_misc |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/38226 | 2024-08-06 | |
https://www.exploit-db.com/exploits/40436 | 2024-08-06 | |
https://www.exploit-db.com/exploits/39640 | 2024-08-06 | |
https://github.com/HenryVHuang/CVE-2015-3864 | 2016-03-30 | |
https://github.com/Cmadhushanka/CVE-2015-3864-Exploitation | 2024-07-10 | |
https://github.com/Bhathiya404/Exploiting-Stagefright-Vulnerability-CVE-2015-3864 | 2023-02-09 |
URL | Date | SRC |
---|