Published: 03/11/2015 Updated: 12/02/2019

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 892

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

mediaserver in Android 5.x prior to 5.1.1 LMY48X and 6.0 prior to 2015-11-01 allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658148, a different vulnerability than CVE-2015-8072 and CVE-2015-8073.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 6.0
google android

Google roasts critical twin Android bugs in new Marshmallow OS

The Register • Darren Pauli • 03 Nov 2015

Privilege escalation and remote code execution feature in fourth droid patch run.

Google has patched two critical remote code execution vulnerabilities as part of a suite of seven fixes in its fourth round of Android patching since August. The over-the-air updates set to hit Nexus, Samsung, and Android Open Source Project (AOSP) devices first for Google's latest Marshmallow Android operating system. Google informed "partners" on 5 October and patch source code is set to hit the AOSP soon. Two flaws rated critical include libutils (CVE-2015-6609) and mediaserver (CVE-2015-6608...

CVE-2015-6608

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect