Google

Android

7930 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2015-3832

  • EPSS 6.83%
  • Veröffentlicht 01.10.2015 00:59:16
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538.

9.3

CVE-2015-3831

  • EPSS 0.47%
  • Veröffentlicht 01.10.2015 00:59:14
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Buffer overflow in the readAt function in BpMediaHTTPConnection in media/libmedia/IMediaHTTPConnection.cpp in the mediaserver service in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bu...

10

CVE-2015-3829

  • EPSS 25.1%
  • Veröffentlicht 01.10.2015 00:59:13
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption)...

10

CVE-2015-3828

  • EPSS 27.18%
  • Veröffentlicht 01.10.2015 00:59:12
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbi...

9.3

CVE-2015-3827

  • EPSS 12.43%
  • Veröffentlicht 01.10.2015 00:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary code or cause a d...

5

CVE-2015-3826

  • EPSS 1.61%
  • Veröffentlicht 01.10.2015 00:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to cause a deni...

10

CVE-2015-3824

  • EPSS 12.23%
  • Veröffentlicht 01.10.2015 00:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer ove...

4.3

CVE-2015-1541

  • EPSS 0.06%
  • Veröffentlicht 01.10.2015 00:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1...

10

CVE-2015-1539

  • EPSS 18.62%
  • Veröffentlicht 01.10.2015 00:59:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CV...

10

CVE-2015-1538

  • EPSS 86.41%
  • Veröffentlicht 01.10.2015 00:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multipl...