NVD

Id
25466  
Name
CVE-2015-3826  
Description
The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to cause a denial of service (integer underflow, buffer over-read, and mediaserver process crash) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3828.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-19  
Published
2015-09-30  
Modified Date
2016-12-07  
Seq
2015-3826  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
134730 25466 CVE-2015-3826 http://www.huawei.com/en/psirt/security-advisories/hw-448928  View
134731 25466 CVE-2015-3826 76052  View
134732 25466 CVE-2015-3826 http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm  View
134733 25466 CVE-2015-3826 https://android.googlesource.com/platform/frameworks/av/+/f4f7e0c102819f039ebb1972b3dba1d3186bc1d1  View
134734 25466 CVE-2015-3826 [android-security-updates] 20150812 Nexus Security Bulletin (August 2015)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
9698 JVNDB-2015-005018 Android の libstagefright の MPEG4Extractor.cpp の MPEG4Extractor::parse3GPPMetaData 関数におけるサービス運用妨害 (DoS) の脆弱性 Android の libstagefright の MPEG4Extractor.cpp の MPEG4Extractor::parse3GPPMetaData 関数は、Byte Order Mark (BOM) を含む UTF-16 文字列に最小サイズを適用しないため、サービス運用妨害 (整数アンダーフロー、バッファオーバーリード、およびメディアサーバプロセスクラッシュ) 状態にされる脆弱性が存在します。 CVE-2015-3826 81051 CVE-2015-3826 25466 5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-005018.html 2015-07-09 2015-10-02 View