Vulnerability Details : CVE-2015-6598

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638.

Vulnerability category: Memory CorruptionInput validationExecute codeDenial of service

Published 2015-10-06 17:59:19

Updated 2015-10-07 18:36:51

Source Android (associated with Google Inc. or Open Handset Alliance)

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2015-6598

Probability of exploitation activity in the next 30 days: 0.15%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 50 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-6598

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2015-6598

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-6598

https://groups.google.com/forum/message/raw?msg=android-security-updates/_Rm-lKnS2M8/dGTcilt0CAAJ

Vendor Advisory

CVEs referencing this url

Products affected by CVE-2015-6598

Google » Android
Versions up to, including, (<=) 5.1
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
Matching versions