CVE-2015-3864 : Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in A

Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824.

Published 2015-10-01 00:59:32

Updated 2017-09-16 01:29:02

Source Android (associated with Google Inc. or Open Handset Alliance)

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2015-3864

Probability of exploitation activity in the next 30 days: 97.18%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2015-3864

Android Stagefright MP4 tx3g Integer Overflow

Disclosure Date: 2015-08-13

First seen: 2020-04-26

exploit/android/browser/stagefright_mp4_tx3g_64bit

This module exploits an integer overflow vulnerability in the Stagefright Library (libstagefright.so). The vulnerability occurs when parsing specially crafted MP4 files. While a wide variety of remote attack vectors exist, this particular exploit is designed to wor

More information

CVSS scores for CVE-2015-3864

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2015-3864

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-3864

https://android.googlesource.com/platform/frameworks/av/+/6fe85f7e15203e48df2cc3e8e1c4bc6ad49dc968

6fe85f7e15203e48df2cc3e8e1c4bc6ad49dc968 - platform/frameworks/av - Git at Google
Vendor Advisory
https://groups.google.com/forum/message/raw?msg=android-security-updates/1M7qbSvACjo/Y7jewiW1AwAJ

Vendor Advisory

CVEs referencing this url
https://www.exploit-db.com/exploits/40436/

Google Android 5.0 < 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)
https://www.exploit-db.com/exploits/38226/

Google Android - libstagefright Integer Overflow Remote Code Execution
https://blog.zimperium.com/reflecting-on-stagefright-patches/

Reflecting on Stagefright Patches | Zimperium Mobile Security Blog
https://blog.zimperium.com/cve-2015-3864-metasploit-module-now-available-for-testing/

CVE-2015-3864 Metasploit module now available for testing
Release Notes;Third Party Advisory
http://www.securityfocus.com/bid/76682

Google Android Stagefright CVE-2015-3864 Incomplete Fix Integer Overflow Vulnerability
https://www.exploit-db.com/exploits/39640/

Google Android 5.0.1 - Metaphor Stagefright (ASLR Bypass)

Products affected by CVE-2015-3864

Google » Android
Versions up to, including, (<=) 5.1
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
Matching versions