Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2015-1474

Published: 16/02/2015 Updated: 29/09/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android up to and including 5.0 allow malicious users to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google android

Exploits

Exploit DB: Google Android Integer Oveflow / Heap Corruption
Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffercpp in Android through 50 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of file descriptors or integer values All versions below Lollipop 51 are affe ...

Github Repositories

https://github.com/VERFLY/SecurityScanner

SecurityScanner 概述 本软件为一款手机安全漏洞与安全风险检测软件,目前可检测CVE-2014-7911、CVE-2014-8609、CVE-2015-1474等安全漏洞,以及Android四大组件导出带来的安全风险。 特别提示:本软件目前为beta版本,后续将不断完善。

https://github.com/p1gl3t/CVE-2015-1474_poc

This code is ment to be a tentative of a poc for CVE-2015-1474 The code is based on the code of the screencap comand, but generates a rogue parcel that crashes the surfaceflinger when it is deserialized See more at forumxda-developerscom/kindle-fire-hdx/orig-development/evaluating-cve-2015-1474-to-escalate-to-t3045163 Clone under frameworks/base/cmds/badscreencap an

References

CWE-189https://android.googlesource.com/platform/frameworks/native/+/38803268570f90e97452cd9a30ac831661829091http://www.securityfocus.com/bid/72788http://packetstormsecurity.com/files/130778/Google-Android-Integer-Oveflow-Heap-Corruption.htmlhttp://www.securitytracker.com/id/1031875http://seclists.org/fulldisclosure/2015/Mar/63https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdfhttps://nvd.nist.govhttps://github.com/VERFLY/SecurityScannerhttps://packetstormsecurity.com/files/130778/Google-Android-Integer-Oveflow-Heap-Corruption.html
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324path traversalCVE-2024-4743CVE-2024-5184TCPCVE-2024-27822code injectionCVE-2024-28995CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook