CVE-2015-3829
published 2015-10-01


Priority: P2 (62)
Severity: critical, 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 89.78% (99.8th percentile)

Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261.

Affected

2 ranges

Vendor | Product | Version range | Fixed in
google | android | <= 5.1        |
google | android |               |

Detection & IOCs

  • Look for crafted MPEG-4 files containing 'covr' atoms with a size value equal to SIZE_MAX, which triggers an off-by-one integer overflow in MPEG4Extractor::parseChunk within libstagefright
  • Vulnerable code path is in MPEG4Extractor.cpp within libstagefright on Android before 5.1.1 LMY48I; monitor for memory corruption or crashes originating from this library when parsing MPEG-4 media files
  • Vulnerability affects Android 5.0 and above (up to but not including 5.1.1 LMY48I); devices running older Android versions are not affected by this specific CVE
  • This is rated CRITICAL severity, indicating remote code execution is achievable without user interaction beyond opening a malicious media file