cbcvebase.
CVE-2015-3828
published 2015-10-01

CVE-2015-3828: The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for…

PriorityP260critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
85.38%
99.7th percentile
The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826.

Affected

2 ranges
VendorProductVersion rangeFixed in
googleandroid<= 5.1
googleandroid

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability resides in MPEG4Extractor::parse3GPPMetaData function within libstagefright (MPEG4Extractor.cpp); monitor for crafted 3GPP metadata files triggering integer underflow in this function
  • Attack vector is crafted 3GPP metadata with a UTF-16 string containing a Byte Order Mark (BOM) with no enforced minimum size; inspect 3GPP/MP4 media files for malformed BOM-prefixed UTF-16 metadata fields
  • Affected platforms are Android 5.0 and above (up to but not including 5.1.1 LMY48I); prioritize detection and patching on devices running these versions
  • Severity is CRITICAL per Android Security Bulletin; treat any exploitation attempt against libstagefright's 3GPP metadata parsing as high priority
  • ·This is a related issue to CVE-2015-3826, both involving libstagefright 3GPP metadata parsing; detection rules targeting one may need to account for the other
  • ·The internal bug reference is 20923261; use this identifier when cross-referencing Android AOSP patch commits or vendor advisories
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.