CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities Published In 2015 (Memory Corruption)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-8507 119 DoS Exec Code Overflow Mem. Corr. 2015-12-08 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a different vulnerability than CVE-2015-6616, CVE-2015-8505, and CVE-2015-8506.
2 CVE-2015-8506 119 DoS Exec Code Overflow Mem. Corr. 2015-12-08 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24441553, a different vulnerability than CVE-2015-6616, CVE-2015-8505, and CVE-2015-8507.
3 CVE-2015-8505 119 DoS Exec Code Overflow Mem. Corr. 2015-12-08 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 17769851, a different vulnerability than CVE-2015-6616, CVE-2015-8506, and CVE-2015-8507.
4 CVE-2015-8073 119 DoS Exec Code Overflow Mem. Corr. 2015-11-03 2015-11-03
10.0
None Remote Low Not required Complete Complete Complete
mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability than CVE-2015-6608 and CVE-2015-8072.
5 CVE-2015-8072 119 DoS Exec Code Overflow Mem. Corr. 2015-11-03 2015-11-03
10.0
None Remote Low Not required Complete Complete Complete
mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23881715, a different vulnerability than CVE-2015-6608 and CVE-2015-8073.
6 CVE-2015-7716 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
None Remote Low Not required Complete Complete Complete
libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than CVE-2015-3873.
7 CVE-2015-6677 119 DoS Exec Code Overflow Mem. Corr. 2015-09-22 2017-02-16
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, and CVE-2015-5588.
8 CVE-2015-6634 119 DoS Exec Code Overflow Mem. Corr. 2015-12-08 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261.
9 CVE-2015-6633 119 DoS Exec Code Overflow Mem. Corr. 2015-12-08 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307.
10 CVE-2015-6617 119 DoS Exec Code Overflow Mem. Corr. 2015-12-08 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23648740.
11 CVE-2015-6616 119 DoS Exec Code Overflow Mem. Corr. 2015-12-08 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 24630158 and 23882800, a different vulnerability than CVE-2015-8505, CVE-2015-8506, and CVE-2015-8507.
12 CVE-2015-6610 119 DoS Overflow +Priv Mem. Corr. 2015-11-03 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088.
13 CVE-2015-6609 119 DoS Exec Code Overflow Mem. Corr. 2015-11-03 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624.
14 CVE-2015-6608 119 DoS Exec Code Overflow Mem. Corr. 2015-11-03 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658148, a different vulnerability than CVE-2015-8072 and CVE-2015-8073.
15 CVE-2015-6604 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
None Remote Low Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786.
16 CVE-2015-6603 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
None Remote Low Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354.
17 CVE-2015-6601 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
None Remote Low Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234.
18 CVE-2015-6600 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
None Remote Low Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938.
19 CVE-2015-6599 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
None Remote Low Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608.
20 CVE-2015-6598 20 DoS Exec Code Mem. Corr. 2015-10-06 2015-10-07
10.0
None Remote Low Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638.
21 CVE-2015-6575 189 DoS Exec Code Overflow Mem. Corr. 2015-09-30 2015-10-01
10.0
None Remote Low Not required Complete Complete Complete
SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted atoms in MP4 data, aka internal bug 20139950, a different vulnerability than CVE-2015-1538. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7915, CVE-2014-7916, and/or CVE-2014-7917.
22 CVE-2015-5588 119 DoS Exec Code Overflow Mem. Corr. 2015-09-22 2017-02-16
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, and CVE-2015-6677.
23 CVE-2015-5582 119 DoS Exec Code Overflow Mem. Corr. 2015-09-22 2017-02-16
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5588, and CVE-2015-6677.
24 CVE-2015-5580 119 DoS Exec Code Overflow Mem. Corr. 2015-09-22 2017-02-16
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677.
25 CVE-2015-5578 119 DoS Exec Code Overflow Mem. Corr. 2015-09-22 2017-02-16
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677.
26 CVE-2015-5577 119 DoS Exec Code Overflow Mem. Corr. 2015-09-22 2017-02-16
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677.
27 CVE-2015-5575 119 DoS Exec Code Overflow Mem. Corr. 2015-09-22 2017-02-16
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677.
28 CVE-2015-5567 119 DoS Exec Code Overflow Mem. Corr. 2015-09-22 2017-02-16
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5579.
29 CVE-2015-3877 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
None Remote Low Not required Complete Complete Complete
Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696.
30 CVE-2015-3875 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
None Remote Low Not required Complete Complete Complete
libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485.
31 CVE-2015-3874 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
None Remote Low Not required Complete Complete Complete
The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323.
32 CVE-2015-3873 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
None Remote Low Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824, 22008959, 21814993, 21048776, 20718524, 20674674, 22388975, 20674086, 21443020, and 22077698, a different vulnerability than CVE-2015-7716.
33 CVE-2015-3872 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
None Remote Low Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388.
34 CVE-2015-3871 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
None Remote Low Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033.
35 CVE-2015-3870 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
None Remote Low Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132.
36 CVE-2015-3869 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
None Remote Low Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083.
37 CVE-2015-3868 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724.
38 CVE-2015-3867 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
None Remote Low Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430.
39 CVE-2015-3829 189 DoS Exec Code Overflow Mem. Corr. 2015-09-30 2017-09-20
10.0
None Remote Low Not required Complete Complete Complete
Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261.
40 CVE-2015-3828 119 DoS Exec Code Overflow Mem. Corr. 2015-09-30 2017-09-20
10.0
None Remote Low Not required Complete Complete Complete
The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826.
41 CVE-2015-3827 119 DoS Exec Code Overflow Mem. Corr. 2015-09-30 2017-09-20
9.3
None Remote Medium Not required Complete Complete Complete
The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted MPEG-4 covr atoms, aka internal bug 20923261.
42 CVE-2015-3824 119 DoS Exec Code Overflow Mem. Corr. 2015-09-30 2017-09-20
10.0
None Remote Low Not required Complete Complete Complete
The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via a crafted MPEG-4 tx3g atom, aka internal bug 20923261.
43 CVE-2015-3823 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
None Remote Low Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999.
44 CVE-2015-3105 119 DoS Exec Code Overflow Mem. Corr. 2015-06-09 2016-12-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
45 CVE-2015-1528 189 DoS Overflow Mem. Corr. 2015-09-30 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory corruption) via a crafted application, aka internal bug 19334482.
46 CVE-2015-1474 189 DoS Overflow +Priv Mem. Corr. 2015-02-15 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values.
Total number of vulnerabilities : 46   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.