CVE-2015-3824
published 2015-10-01CVE-2015-3824: The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which…
PriorityP262critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
90.48%
99.8th percentile
The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via a crafted MPEG-4 tx3g atom, aka internal bug 20923261.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | <= 5.1 | — | |
| android | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability resides in MPEG4Extractor::parseChunk function within MPEG4Extractor.cpp in libstagefright (mediaserver). Detection should focus on malformed/crafted MPEG-4 data processed by the Android mediaserver process. ↗
- →Monitor the Android 'mediaserver' process for anomalous behavior (crashes, unexpected child processes, privilege escalation) when handling MPEG-4 media files, as exploitation occurs through crafted MPEG-4 content delivered remotely. ↗
- →Affected Android versions are 5.1 and below (fixed in 5.1.1 LMY48M). Flag devices running these versions processing untrusted MPEG-4 media as high-risk. ↗
- ·CVE-2015-3824 was only partially fixed; CVE-2015-3864 represents an incomplete fix for this same vulnerability (integer underflow in MPEG4Extractor::parseChunk). Detection rules targeting CVE-2015-3824 should also account for CVE-2015-3864 as a bypass variant. ↗
- ·Severity is rated CRITICAL by Android Security Bulletin; prioritize detection and patching accordingly on affected Android 5.1 and below devices. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3jxp-72qc-76w7: The MPEG4Extractor::parseChunk function in MPEG4Extractor
ghsa_unreviewed·2022-05-17
CVE-2015-3824 [HIGH] CWE-119 GHSA-3jxp-72qc-76w7: The MPEG4Extractor::parseChunk function in MPEG4Extractor
The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via a crafted MPEG-4 tx3g atom, aka internal bug 20923261.
GHSA
GHSA-9pwf-jxj3-pf4m: Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2015-3864 [CRITICAL] GHSA-9pwf-jxj3-pf4m: Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor
Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824.
Android
CVE-2015-3824: Android Security Bulletin 2015-08-01
CVE: CVE-2015-3824
Severity: CRITICAL
Affected AOSP versions: 5
vendor_android·2015-08-01·CVSS 10.0
CVE-2015-3824 [CRITICAL] CVE-2015-3824: Android Security Bulletin 2015-08-01
CVE: CVE-2015-3824
Severity: CRITICAL
Affected AOSP versions: 5
Android Security Bulletin 2015-08-01
CVE: CVE-2015-3824
Severity: CRITICAL
Affected AOSP versions: 5.1 and below
No detection rules found.
No public exploits indexed.
Recorded Future
Stagefright Exploits Hit the Web | Recorded Future
blogs_recorded_future·CVSS 10.0
[CRITICAL] Stagefright Exploits Hit the Web | Recorded Future
## Stagefright Exploits Hit the Web
Exploits and proof of concepts (POCs) are appearing on the Web for Stagefright, hyped as the "Mother of all Android vulnerabilities" capable of gaining remote code execution privileges via a malicious MMS (e.g., a picture message). This collection of 10 vulnerabilities reportedly impacts 95% of all Android devices - over 900 million phones.
Recorded Future has identified shared exploits and POCs appearing on the Web 10 days after the July 21 announcement by Zimperium zLabs researcher Joshua Drake.
## Click image for larger view
The first known publicly available POC appeared on Chinese language forum heishou.com.cn on July 31 and was subsequently shared on Twitter and reposted on other forums.
Packaged exploits for use by lower skilled cyber crimina
Recorded Future
Stagefright Exploits Hit the Web
blogs_recorded_future·CVSS 10.0
[CRITICAL] Stagefright Exploits Hit the Web
# Stagefright Exploits Hit the Web
Exploits and proof of concepts (POCs) are appearing on the Web for Stagefright, hyped as the "Mother of all Android vulnerabilities" capable of gaining remote code execution privileges via a malicious MMS (e.g., a picture message). This collection of 10 vulnerabilities reportedly impacts 95% of all Android devices - over 900 million phones.
Recorded Future has identified shared exploits and POCs appearing on the Web 10 days after the July 21 announcement by Zimperium zLabs researcher Joshua Drake.
###### Click image for larger view
The first known publicly available POC appeared on Chinese language forum heishou.com.cn on July 31 and was subsequently shared on Twitter and reposted on other forums.
Packaged exploits for use by lower skilled cyber crim
http://www.huawei.com/en/psirt/security-advisories/hw-448928http://www.securityfocus.com/bid/76052http://www.securitytracker.com/id/1033094http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htmhttps://android.googlesource.com/platform/frameworks/av/+/463a6f807e187828442949d1924e143cf07778c6https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJhttp://www.huawei.com/en/psirt/security-advisories/hw-448928http://www.securityfocus.com/bid/76052http://www.securitytracker.com/id/1033094http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htmhttps://android.googlesource.com/platform/frameworks/av/+/463a6f807e187828442949d1924e143cf07778c6https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ
2015-10-01
Published