cbcvebase.
CVE-2015-3824
published 2015-10-01

CVE-2015-3824: The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which…

PriorityP262critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
90.48%
99.8th percentile
The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via a crafted MPEG-4 tx3g atom, aka internal bug 20923261.

Affected

2 ranges
VendorProductVersion rangeFixed in
googleandroid<= 5.1
googleandroid

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability resides in MPEG4Extractor::parseChunk function within MPEG4Extractor.cpp in libstagefright (mediaserver). Detection should focus on malformed/crafted MPEG-4 data processed by the Android mediaserver process.
  • Monitor the Android 'mediaserver' process for anomalous behavior (crashes, unexpected child processes, privilege escalation) when handling MPEG-4 media files, as exploitation occurs through crafted MPEG-4 content delivered remotely.
  • Affected Android versions are 5.1 and below (fixed in 5.1.1 LMY48M). Flag devices running these versions processing untrusted MPEG-4 media as high-risk.
  • ·CVE-2015-3824 was only partially fixed; CVE-2015-3864 represents an incomplete fix for this same vulnerability (integer underflow in MPEG4Extractor::parseChunk). Detection rules targeting CVE-2015-3824 should also account for CVE-2015-3864 as a bypass variant.
  • ·Severity is rated CRITICAL by Android Security Bulletin; prioritize detection and patching accordingly on affected Android 5.1 and below devices.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.