QwikSec

Security Database

CVE

CWE

Training

CVE-2015-1538

Published: Oct 1, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://android.googlesource.com/platform/frameworks/av/+/2434839bbd168469f80dd9a22f1328bc81046398

x_refsource_CONFIRM

http://packetstormsecurity.com/files/134131/Libstagefright-Integer-Overflow-Check-Bypass.html

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_BID

exploit

x_refsource_EXPLOIT-DB

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm

x_refsource_CONFIRM

http://www.huawei.com/en/psirt/security-advisories/hw-448928

x_refsource_CONFIRM

[android-security-updates] 20150812 Nexus Security Bulletin (August 2015)

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.