CVE Vulnerabilities

CVE-2015-1538

Published: Oct 01, 2015 | Modified: Sep 21, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
NEGLIGIBLE

Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496.

Affected Software

Name Vendor Start Version End Version
Android Google * 5.1 (including)
Android Ubuntu devel *
Android Ubuntu trusty *
Android Ubuntu upstream *
Android Ubuntu vivid *
Android Ubuntu vivid/stable-phone-overlay *
Android Ubuntu wily *

References