PT-2015-2203 · Google · Android+1

Published

2015-10-02

Updated

2016-12-08

CVE-2015-3876

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Android versions through 5.1.1 LMY48M

Description The issue exists due to insufficient input validation in the libstagefright library of the Android operating system. It allows a remote attacker to execute arbitrary code by using specially crafted metadata in MP3 or MP4 files.

Recommendations For Android versions through 5.1.1 LMY48M, consider restricting access to MP3 and MP4 files from untrusted sources to minimize the risk of exploitation. As a temporary workaround, avoid using the libstagefright library until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2015-11549

CVE-2015-3876

Affected Products

Android

Libstagefright

PT-2015-2203 · Google · Android+1

CVE-2015-3876

Weakness Enumeration

Related Identifiers

Affected Products

References · 6