9.3
CVE-2015-3876
- EPSS 7.18%
- Veröffentlicht 02.10.2015 02:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle security@android.com
- CVE-Watchlists
- Unerledigt
Loginlibstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.18% | 0.914 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.