Vulnerability Details : CVE-2015-3835
Buffer overflow in the OMXNodeInstance::emptyBuffer function in omx/OMXNodeInstance.cpp in libstagefright in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 20634516.
Published
2015-10-01 00:59:19
Updated
2015-10-01 16:44:45
Vulnerability category: OverflowExecute code
Products affected by CVE-2015-3835
- cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3835
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 58 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-3835
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2015-3835
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3835
-
https://android.googlesource.com/platform/frameworks/av/+/086d84f45ab7b64d1a7ed7ac8ba5833664a6a5ab
086d84f45ab7b64d1a7ed7ac8ba5833664a6a5ab - platform/frameworks/av - Git at GoogleVendor Advisory
-
https://android.googlesource.com/platform/frameworks/av/+/3cb1b6944e776863aea316e25fdc16d7f9962902
3cb1b6944e776863aea316e25fdc16d7f9962902 - platform/frameworks/av - Git at GoogleVendor Advisory
-
https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ
Vendor Advisory
Jump to