CVE-2015-1539
published 2015-10-01CVE-2015-1539: Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to…
PriorityP262critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
85.79%
99.7th percentile
Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| android | <= 5.1 | — | |
| android | — | — | |
| mozilla | firefox | <= 39.0.3 | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 40.0+build4-0ubuntu0.14.04.1 | 40.0+build4-0ubuntu0.14.04.1 |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| oracle | solaris | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability resides in the ESDS::parseESDescriptor function in ESDS.cpp within libstagefright; monitor for exploitation attempts targeting MPEG-4/MP4 media parsing, specifically malformed ESDS atoms triggering integer underflows. ↗
- →Trigger condition is an invalid size field in an esds chunk within MPEG-4 video data; inspect MP4 files or streams for malformed esds chunk size fields as a detection signal. ↗
- →Affected Android versions are 5.1 and below (pre-5.1.1 LMY48I); prioritize detection and patching on devices running these OS versions. ↗
- ·This vulnerability is related to CVE-2015-4493 and both share the same root cause in libstagefright's ESDS parsing; detections should cover both CVEs when monitoring for stagefright exploitation. ↗
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL
vendor_redhat10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3hvq-r5w2-423m: Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS
ghsa_unreviewed·2022-05-17·CVSS 9.3
CVE-2015-1539 [CRITICAL] GHSA-3hvq-r5w2-423m: Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS
Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493.
GHSA
GHSA-8mf7-p7xv-mq52: Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40
ghsa_unreviewed·2022-05-14·CVSS 10.0
CVE-2015-4493 [CRITICAL] CWE-119 GHSA-8mf7-p7xv-mq52: Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40
Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539.
OSV
CVE-2015-4493: Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40
osv·2015-08-11·CVSS 10.0
CVE-2015-4493 [CRITICAL] CVE-2015-4493: Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40
Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539.
Red Hat
Mozilla: Overflow issues in libstagefright (MFSA 2015-83)
vendor_redhat·2015-08-11·CVSS 10.0
CVE-2015-4493 [CRITICAL] CWE-190 Mozilla: Overflow issues in libstagefright (MFSA 2015-83)
Mozilla: Overflow issues in libstagefright (MFSA 2015-83)
Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539.
Package: thunderbird (Red Hat Enterprise Linux 5) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 6) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 7) - Not affected
Android
CVE-2015-1539: Android Security Bulletin 2015-08-01
CVE: CVE-2015-1539
Severity: CRITICAL
Affected AOSP versions: 5
vendor_android·2015-08-01·CVSS 10.0
CVE-2015-1539 [CRITICAL] CVE-2015-1539: Android Security Bulletin 2015-08-01
CVE: CVE-2015-1539
Severity: CRITICAL
Affected AOSP versions: 5
Android Security Bulletin 2015-08-01
CVE: CVE-2015-1539
Severity: CRITICAL
Affected AOSP versions: 5.1 and below
No detection rules found.
No public exploits indexed.
Recorded Future
Stagefright Exploits Hit the Web | Recorded Future
blogs_recorded_future·CVSS 10.0
[CRITICAL] Stagefright Exploits Hit the Web | Recorded Future
## Stagefright Exploits Hit the Web
Exploits and proof of concepts (POCs) are appearing on the Web for Stagefright, hyped as the "Mother of all Android vulnerabilities" capable of gaining remote code execution privileges via a malicious MMS (e.g., a picture message). This collection of 10 vulnerabilities reportedly impacts 95% of all Android devices - over 900 million phones.
Recorded Future has identified shared exploits and POCs appearing on the Web 10 days after the July 21 announcement by Zimperium zLabs researcher Joshua Drake.
## Click image for larger view
The first known publicly available POC appeared on Chinese language forum heishou.com.cn on July 31 and was subsequently shared on Twitter and reposted on other forums.
Packaged exploits for use by lower skilled cyber crimina
Recorded Future
Stagefright Exploits Hit the Web
blogs_recorded_future·CVSS 10.0
[CRITICAL] Stagefright Exploits Hit the Web
# Stagefright Exploits Hit the Web
Exploits and proof of concepts (POCs) are appearing on the Web for Stagefright, hyped as the "Mother of all Android vulnerabilities" capable of gaining remote code execution privileges via a malicious MMS (e.g., a picture message). This collection of 10 vulnerabilities reportedly impacts 95% of all Android devices - over 900 million phones.
Recorded Future has identified shared exploits and POCs appearing on the Web 10 days after the July 21 announcement by Zimperium zLabs researcher Joshua Drake.
###### Click image for larger view
The first known publicly available POC appeared on Chinese language forum heishou.com.cn on July 31 and was subsequently shared on Twitter and reposted on other forums.
Packaged exploits for use by lower skilled cyber crim
http://www.huawei.com/en/psirt/security-advisories/hw-448928http://www.securityfocus.com/bid/76052http://www.securitytracker.com/id/1033094http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htmhttps://android.googlesource.com/platform/frameworks/av/+/5e751957ba692658b7f67eb03ae5ddb2cd3d970chttps://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJhttp://www.huawei.com/en/psirt/security-advisories/hw-448928http://www.securityfocus.com/bid/76052http://www.securitytracker.com/id/1033094http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htmhttps://android.googlesource.com/platform/frameworks/av/+/5e751957ba692658b7f67eb03ae5ddb2cd3d970chttps://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ
2015-10-01
Published