PT-2015-2228 · Google+1 · Android+2
Jduck
+1
·
Published
2015-08-09
·
Updated
2017-09-21
·
CVE-2015-1538
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Android versions prior to 5.1.1 LMY48I
Description
The issue is related to an integer overflow in the
SampleTable::setSampleToChunkParams function in libstagefright in Android. This allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication. The vulnerability can be exploited to remotely execute code in affected devices.Recommendations
For Android versions prior to 5.1.1 LMY48I, update to version 5.1.1 LMY48I or later to resolve the issue. As a temporary workaround, consider restricting the use of the
libstagefright library to minimize the risk of exploitation. Avoid using the SampleTable::setSampleToChunkParams function until a patch is available.Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android
Huawei Vrp
Libstagefright