← volver
CVE-2015-1538

CVE-2015-1538

EPSS 99.1%
Vexday Risk Score
45Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS EPSS 99.1%KEV nãoPoC públicaNuclei Metasploit Patch
Ciclo de vida
09 sep 2015PoC pública
01 oct 2015Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496.
Productos afectados
n/a · n/a
PoCs públicas encontradas10
githubgithub.com/jduck/cve-2015-1538-1204githubgithub.com/Tharana/vulnerability-exploitation3githubgithub.com/oguzhantopgul/cve-2015-1538-13githubgithub.com/renjithsasidharan/cve-2015-1538-11githubgithub.com/Tharana/Android-vulnerability-exploitation1githubgithub.com/niranjanshr13/Stagefright-cve-2015-1538-10githubgithub.com/xsleaksiki/cve0exploitdbwww.exploit-db.com/exploits/38124no verificadocve_referencewww.exploit-db.com/exploits/38124/no verificadocve_referencepacketstormsecurity.com/files/134131/Libstagefright-Integer-Overflow-Check-Bypass.htmlno verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/134131/Libstagefright-Integer-Overflow-Check-Bypass.htmlhttps://android.googlesource.com/platform/frameworks/av/+/2434839bbd168469f80dd9a22f1328bc81046398https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJhttps://www.exploit-db.com/exploits/38124/http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htmhttp://www.huawei.com/en/psirt/security-advisories/hw-448928http://www.securityfocus.com/bid/76052http://www.securitytracker.com/id/1033094