CVE-2015-6602
published 2015-10-02CVE-2015-6602: libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated…
critical9.3CVSS 3.1
AVNACMAuNCCICAC
libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | android-platform-frameworks-native | — | — |
| android | <= 5.1.1 | — | |
| android | — | — |
CVSS provenance
nvd9.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
Android
CVE-2015-6602: Android Security Bulletin 2015-10-01
CVE: CVE-2015-6602
Severity: CRITICAL
Affected AOSP versions: 5
vendor_android·2015-10-01·CVSS 9.3
CVE-2015-6602 [CRITICAL] CVE-2015-6602: Android Security Bulletin 2015-10-01
CVE: CVE-2015-6602
Severity: CRITICAL
Affected AOSP versions: 5
Android Security Bulletin 2015-10-01
CVE: CVE-2015-6602
Severity: CRITICAL
Affected AOSP versions: 5.1 and below
Debian
CVE-2015-6602: android-platform-frameworks-native - libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbi...
vendor_debian·2015·CVSS 9.3
CVE-2015-6602 [CRITICAL] CVE-2015-6602: android-platform-frameworks-native - libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbi...
libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.
Scope: local
bookworm: open
bullseye: open
GHSA
GHSA-mg29-8f99-xwq6: libutils in Android through 5
ghsa_unreviewed·2022-05-17
CVE-2015-6602 [HIGH] CWE-20 GHSA-mg29-8f99-xwq6: libutils in Android through 5
libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.
OSV
CVE-2015-6602: libutils in Android through 5
osv·2015-10-02·CVSS 9.3
CVE-2015-6602 [CRITICAL] CVE-2015-6602: libutils in Android through 5
libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securitytracker.com/id/1033725https://blog.zimperium.com/zimperium-zlabs-is-raising-the-volume-new-vulnerability-processing-mp3mp4-media/https://support.silentcircle.com/customer/en/portal/articles/2145864-privatos-1-1-12-release-noteshttps://threatpost.com/stagefright-2-0-vulnerabilities-affect-1-billion-android-devices/114863/http://www.securitytracker.com/id/1033725https://blog.zimperium.com/zimperium-zlabs-is-raising-the-volume-new-vulnerability-processing-mp3mp4-media/https://support.silentcircle.com/customer/en/portal/articles/2145864-privatos-1-1-12-release-noteshttps://threatpost.com/stagefright-2-0-vulnerabilities-affect-1-billion-android-devices/114863/
2015-10-02
Published