10

CVE-2015-1474

Exploit
Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version <= 5.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.74% 0.884
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://packetstormsecurity.com/files/130778/Google-Android-Integer-Oveflow-Heap-Corruption.html
Third Party Advisory
Exploit
VDB Entry
http://seclists.org/fulldisclosure/2015/Mar/63
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/72788
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1031875
Third Party Advisory
VDB Entry
https://android.googlesource.com/platform/frameworks/native/+/38803268570f90e97452cd9a30ac831661829091
Patch
Issue Tracking
https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf