CVE-2015-3828
published 2015-10-01CVE-2015-3828: The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for…
PriorityP260critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
85.38%
99.7th percentile
The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | <= 5.1 | — | |
| android | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability resides in MPEG4Extractor::parse3GPPMetaData function within libstagefright (MPEG4Extractor.cpp); monitor for crafted 3GPP metadata files triggering integer underflow in this function ↗
- →Attack vector is crafted 3GPP metadata with a UTF-16 string containing a Byte Order Mark (BOM) with no enforced minimum size; inspect 3GPP/MP4 media files for malformed BOM-prefixed UTF-16 metadata fields ↗
- →Affected platforms are Android 5.0 and above (up to but not including 5.1.1 LMY48I); prioritize detection and patching on devices running these versions ↗
- →Severity is CRITICAL per Android Security Bulletin; treat any exploitation attempt against libstagefright's 3GPP metadata parsing as high priority ↗
- ·This is a related issue to CVE-2015-3826, both involving libstagefright 3GPP metadata parsing; detection rules targeting one may need to account for the other ↗
- ·The internal bug reference is 20923261; use this identifier when cross-referencing Android AOSP patch commits or vendor advisories ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pjfq-7xp6-72r5: The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2015-3826 [CRITICAL] CWE-119 GHSA-pjfq-7xp6-72r5: The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor
The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to cause a denial of service (integer underflow, buffer over-read, and mediaserver process crash) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3828.
GHSA
GHSA-2653-xjr2-pr7h: The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor
ghsa_unreviewed·2022-05-17·CVSS 5.0
CVE-2015-3828 [MEDIUM] CWE-119 GHSA-2653-xjr2-pr7h: The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor
The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826.
Android
CVE-2015-3828: Android Security Bulletin 2015-08-01
CVE: CVE-2015-3828
Severity: CRITICAL
Affected AOSP versions: 5
vendor_android·2015-08-01·CVSS 10.0
CVE-2015-3828 [CRITICAL] CVE-2015-3828: Android Security Bulletin 2015-08-01
CVE: CVE-2015-3828
Severity: CRITICAL
Affected AOSP versions: 5
Android Security Bulletin 2015-08-01
CVE: CVE-2015-3828
Severity: CRITICAL
Affected AOSP versions: 5.0 and above
No detection rules found.
No public exploits indexed.
Recorded Future
Stagefright Exploits Hit the Web | Recorded Future
blogs_recorded_future·CVSS 10.0
[CRITICAL] Stagefright Exploits Hit the Web | Recorded Future
## Stagefright Exploits Hit the Web
Exploits and proof of concepts (POCs) are appearing on the Web for Stagefright, hyped as the "Mother of all Android vulnerabilities" capable of gaining remote code execution privileges via a malicious MMS (e.g., a picture message). This collection of 10 vulnerabilities reportedly impacts 95% of all Android devices - over 900 million phones.
Recorded Future has identified shared exploits and POCs appearing on the Web 10 days after the July 21 announcement by Zimperium zLabs researcher Joshua Drake.
## Click image for larger view
The first known publicly available POC appeared on Chinese language forum heishou.com.cn on July 31 and was subsequently shared on Twitter and reposted on other forums.
Packaged exploits for use by lower skilled cyber crimina
Recorded Future
Stagefright Exploits Hit the Web
blogs_recorded_future·CVSS 10.0
[CRITICAL] Stagefright Exploits Hit the Web
# Stagefright Exploits Hit the Web
Exploits and proof of concepts (POCs) are appearing on the Web for Stagefright, hyped as the "Mother of all Android vulnerabilities" capable of gaining remote code execution privileges via a malicious MMS (e.g., a picture message). This collection of 10 vulnerabilities reportedly impacts 95% of all Android devices - over 900 million phones.
Recorded Future has identified shared exploits and POCs appearing on the Web 10 days after the July 21 announcement by Zimperium zLabs researcher Joshua Drake.
###### Click image for larger view
The first known publicly available POC appeared on Chinese language forum heishou.com.cn on July 31 and was subsequently shared on Twitter and reposted on other forums.
Packaged exploits for use by lower skilled cyber crim
http://www.huawei.com/en/psirt/security-advisories/hw-448928http://www.securityfocus.com/bid/76052http://www.securitytracker.com/id/1033094http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htmhttps://android.googlesource.com/platform/frameworks/av/+/f4f7e0c102819f039ebb1972b3dba1d3186bc1d1https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJhttp://www.huawei.com/en/psirt/security-advisories/hw-448928http://www.securityfocus.com/bid/76052http://www.securitytracker.com/id/1033094http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htmhttps://android.googlesource.com/platform/frameworks/av/+/f4f7e0c102819f039ebb1972b3dba1d3186bc1d1https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ
2015-10-01
Published