mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different vulnerability than CVE-2015-6605.
Max CVSS
5.0
EPSS Score
0.10%
Published
2015-10-06
Updated
2015-10-07
mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596.
Max CVSS
9.3
EPSS Score
0.06%
Published
2015-10-06
Updated
2015-10-07
libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than CVE-2015-3873.
Max CVSS
10.0
EPSS Score
0.15%
Published
2015-10-06
Updated
2015-10-07
The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22301786.
Max CVSS
9.3
EPSS Score
0.06%
Published
2015-10-06
Updated
2015-10-07
mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability than CVE-2015-7718.
Max CVSS
5.0
EPSS Score
0.10%
Published
2015-10-06
Updated
2015-10-07
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786.
Max CVSS
10.0
EPSS Score
0.15%
Published
2015-10-06
Updated
2015-10-07
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354.
Max CVSS
10.0
EPSS Score
0.15%
Published
2015-10-06
Updated
2015-10-07
libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.
Max CVSS
9.3
EPSS Score
0.86%
Published
2015-10-02
Updated
2016-12-08
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234.
Max CVSS
10.0
EPSS Score
0.15%
Published
2015-10-06
Updated
2015-10-07
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938.
Max CVSS
10.0
EPSS Score
0.15%
Published
2015-10-06
Updated
2015-10-07
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608.
Max CVSS
10.0
EPSS Score
0.15%
Published
2015-10-06
Updated
2015-10-07
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638.
Max CVSS
10.0
EPSS Score
0.15%
Published
2015-10-06
Updated
2015-10-07
mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717.
Max CVSS
9.3
EPSS Score
0.06%
Published
2015-10-06
Updated
2015-10-07
SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted atoms in MP4 data, aka internal bug 20139950, a different vulnerability than CVE-2015-1538. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7915, CVE-2014-7916, and/or CVE-2014-7917.
Max CVSS
10.0
EPSS Score
0.18%
Published
2015-10-01
Updated
2015-10-01
Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325.
Max CVSS
9.3
EPSS Score
0.06%
Published
2015-10-06
Updated
2015-10-07
Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information via a crafted application that references a long application name, aka internal bug 23345192.
Max CVSS
4.3
EPSS Score
0.06%
Published
2015-10-06
Updated
2015-10-07
Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696.
Max CVSS
10.0
EPSS Score
0.15%
Published
2015-10-06
Updated
2015-10-07
libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file.
Max CVSS
9.3
EPSS Score
6.42%
Published
2015-10-02
Updated
2016-12-08
libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485.
Max CVSS
10.0
EPSS Score
0.18%
Published
2015-10-06
Updated
2015-10-07
The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323.
Max CVSS
10.0
EPSS Score
0.15%
Published
2015-10-06
Updated
2015-10-07
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824, 22008959, 21814993, 21048776, 20718524, 20674674, 22388975, 20674086, 21443020, and 22077698, a different vulnerability than CVE-2015-7716.
Max CVSS
10.0
EPSS Score
0.15%
Published
2015-10-06
Updated
2015-10-07
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388.
Max CVSS
10.0
EPSS Score
0.15%
Published
2015-10-06
Updated
2015-10-07
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033.
Max CVSS
10.0
EPSS Score
0.15%
Published
2015-10-06
Updated
2015-10-07
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132.
Max CVSS
10.0
EPSS Score
0.15%
Published
2015-10-06
Updated
2015-10-07
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083.
Max CVSS
10.0
EPSS Score
0.15%
Published
2015-10-06
Updated
2015-10-07