CVE-2015-1536 : Integer overflow in the Bitmap_createFromParcel function in core/jni/android/gra

Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or obtain sensitive system_server memory-content information via a crafted application that leverages improper unmarshalling of bitmaps, aka internal bug 19666945.

Published 2015-10-01 00:59:06

Updated 2015-10-01 16:23:38

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Products affected by CVE-2015-1536

Google » Android
Versions up to, including, (<=) 5.1
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-1536

EPSS FAQ

0.22%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 42 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-1536

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.5	HIGH	AV:N/AC:L/Au:N/C:P/I:N/A:C	10.0	7.8	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2015-1536

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-1536

https://android.googlesource.com/platform/frameworks/base/+/d44e5bde18a41beda39d49189bef7f2ba7c8f3cb

d44e5bde18a41beda39d49189bef7f2ba7c8f3cb - platform/frameworks/base - Git at Google
Vendor Advisory
https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ

Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-1536

Products affected by CVE-2015-1536

Exploit prediction scoring system (EPSS) score for CVE-2015-1536

CVSS scores for CVE-2015-1536

CWE ids for CVE-2015-1536

References for CVE-2015-1536