QwikSec

Security Database

CVE

CWE

Training

CVE-2015-3864

Published: Oct 1, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[android-security-updates] 20150909 Nexus Security Bulletin (September 2015)

mailing-list

x_refsource_MLIST

https://blog.zimperium.com/cve-2015-3864-metasploit-module-now-available-for-testing/

x_refsource_MISC

https://android.googlesource.com/platform/frameworks/av/+/6fe85f7e15203e48df2cc3e8e1c4bc6ad49dc968

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_BID

https://blog.zimperium.com/reflecting-on-stagefright-patches/

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.