Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android prior to 5.1.1 LMY48I allows remote malicious users to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android |
Pop tunes pop phones
Updated More than a billion Android phones, tablets and other gadgets can be hijacked by merely previewing MP3 music or MP4 video files. Booby-trapped songs and vids downloaded from the web or emails can potentially compromise vulnerable devices, and install spyware, password-stealing malware, and so on. This is all thanks to two remote-code execution flaws billed as the second iteration of the original Stagefright vulnerability. Zimperium researcher Joshua J Drake found the pair of Android secu...
BOO! Now giddyup and get testing
Security researchers at Zimperium have released a working version of Stagefright exploit code. Zimperium said it was publishing the software so that administrators and penetration testers can validate the effectiveness of the Android community's response to patching the security hole. Google is only just getting around to publishing a comprehensive fix for Stagefright, following a flawed attempt to fix the mega-vuln last month. The Stagefright vulnerability (CVE-2015-1538) can allow remote code ...