| Vulnerability Name: | CVE-2015-3876 (CCN-106876) | ||||||||
| Assigned: | 2015-10-01 | ||||||||
| Published: | 2015-10-01 | ||||||||
| Updated: | 2016-12-08 | ||||||||
| Summary: | libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file. | ||||||||
| CVSS v3 Severity: | 7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-20 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-3876 Source: CCN Type: Android Open Source Project Nexus Security Bulletin - October 2015 Source: MISC Type: Press/Media Coverage, Third Party Advisory http://twitter.com/4Dgifts/statuses/649589185792339968 Source: SECTRACK Type: Third Party Advisory, VDB Entry 1033725 Source: CCN Type: Zimperium Mobile Security Blog, Thursday, Oct 1 2015 at 04:00 Zimperium zLabs is Raising the Volume: New Vulnerability Processing MP3/MP4 Media - See more at: https://blog.zimperium.com/zimperium-zlabs-is-raising-the-volume-new-vulnerability-processing-mp3mp4-media/#sthash.Jx5WvU8Z.dpuf Source: MISC Type: Vendor Advisory https://code.google.com/p/android/issues/detail?id=182386 Source: XF Type: UNKNOWN google-android-cve20153876-code-exec(106876) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||