Published: 02/10/2015 Updated: 08/12/2016

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

libstagefright in Android up to and including 5.1.1 LMY48M allows remote malicious users to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android

Google bugle sounds patch release for Android Stagefright 2.0

The Register • Darren Pauli • 06 Oct 2015

Samsung and LG, but what about HTC?

Google is slinging new patches at the Stagefright Android-goring vulnerability revealed last week. The fixes will prevent malicious video and music files from exploiting StageFright 2.0 holes present in all Android devices. The new plugs stopper two remote-code execution flaws billed as the second iteration of the original Stagefright vulnerability. Zimperium researcher Joshua J Drake reported the security bugs (CVE-2015-3876 in libstagefright, and CVE-2015-6602 in libutils) to Google that affec...

The Register • Darren Pauli • 01 Oct 2015

Pop tunes pop phones

Updated More than a billion Android phones, tablets and other gadgets can be hijacked by merely previewing MP3 music or MP4 video files. Booby-trapped songs and vids downloaded from the web or emails can potentially compromise vulnerable devices, and install spyware, password-stealing malware, and so on. This is all thanks to two remote-code execution flaws billed as the second iteration of the original Stagefright vulnerability. Zimperium researcher Joshua J Drake found the pair of Android secu...

CVE-2015-3876

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect