Vulnerability Details : CVE-2015-3828

The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826.

Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service

Published 2015-10-01 00:59:13

Updated 2017-09-21 01:29:09

Source Android (associated with Google Inc. or Open Handset Alliance)

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2015-3828

Probability of exploitation activity in the next 30 days: 68.46%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-3828

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2015-3828

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)
CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-3828

http://www.huawei.com/en/psirt/security-advisories/hw-448928

Security Advisory - Stagefright Vulnerability in Multiple Huawei Android Products

CVEs referencing this url
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm

Security Advisory - Stagefright Vulnerability in Multiple Huawei Android Products

CVEs referencing this url
http://www.securityfocus.com/bid/76052

Google Stagefright Media Playback Engine Multiple Remote Code Execution Vulnerabilities

CVEs referencing this url
http://www.securitytracker.com/id/1033094

Google Android MMS Media Processing Flaw Lets Remote Users Execute Arbitrary Code on the Target System - SecurityTracker

CVEs referencing this url
https://android.googlesource.com/platform/frameworks/av/+/f4f7e0c102819f039ebb1972b3dba1d3186bc1d1

f4f7e0c102819f039ebb1972b3dba1d3186bc1d1 - platform/frameworks/av - Git at Google
Vendor Advisory

CVEs referencing this url
https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ

Vendor Advisory

CVEs referencing this url

Products affected by CVE-2015-3828

Google » Android
Versions up to, including, (<=) 5.1
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
Matching versions