QwikSec

Security Database

CVE

CWE

Training

CVE-2015-3827

Published: Oct 1, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted MPEG-4 covr atoms, aka internal bug 20923261.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_BID

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm

x_refsource_CONFIRM

http://www.huawei.com/en/psirt/security-advisories/hw-448928

x_refsource_CONFIRM

https://android.googlesource.com/platform/frameworks/av/+/f4a88c8ed4f8186b3d6e2852993e063fc33ff231

x_refsource_CONFIRM

[android-security-updates] 20150812 Nexus Security Bulletin (August 2015)

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.