NVD

Id
27450  
Name
CVE-2015-6575  
Description
SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted atoms in MP4 data, aka internal bug 20139950, a different vulnerability than CVE-2015-1538. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7915, CVE-2014-7916, and/or CVE-2014-7917.  
Reject
 
CVSS Version
2  
CVSS Score
10  
Severity
High  
CVSS Base Score
10  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2015-09-30  
Modified Date
2015-10-01  
Seq
2015-6575  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
144181 27450 CVE-2015-6575 https://android.googlesource.com/platform/frameworks/av/+/cf1581c66c2ad8c5b1aaca2e43e350cf5974f46d  View
144182 27450 CVE-2015-6575 [android-security-updates] 20150812 Nexus Security Bulletin (August 2015)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
9721 JVNDB-2015-005041 Android の libstagefright の SampleTable.cpp における任意のコードを実行される脆弱性 Android の libstagefright の SampleTable.cpp は、整数拡張 (integer promotion) を適切に考慮しないため、任意のコードを実行される、またはサービス運用妨害 (整数オーバーフローおよびメモリ破損) 状態にされる脆弱性が存在します。 CVE-2015-6575 83800 CVE-2015-6575 27450 10 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-005041.html 2015-07-09 2015-10-02 View