Published: 03/11/2015 Updated: 07/12/2016

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

libutils in Android prior to 5.1.1 LMY48X and 6.0 prior to 2015-11-01 allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android

Debian Bug report logs - #806375 CVE-2015-6609 CVE-2015-6602 CVE-2015-3875 Package: android-libutils; Maintainer for android-libutils is Android Tools Maintainers <android-tools-devel@listsaliothdebianorg>; Source for android-libutils is src:android-platform-system-core (PTS, buildd, popcon) Reported by: Moritz Muehlenhof ...

Google roasts critical twin Android bugs in new Marshmallow OS

The Register • Darren Pauli • 03 Nov 2015

Privilege escalation and remote code execution feature in fourth droid patch run.

Google has patched two critical remote code execution vulnerabilities as part of a suite of seven fixes in its fourth round of Android patching since August. The over-the-air updates set to hit Nexus, Samsung, and Android Open Source Project (AOSP) devices first for Google's latest Marshmallow Android operating system. Google informed "partners" on 5 October and patch source code is set to hit the AOSP soon. Two flaws rated critical include libutils (CVE-2015-6609) and mediaserver (CVE-2015-6608...

CVE-2015-6609

Vulnerability Summary

Vendor Advisories

Recent Articles

References

Vulmon Search

About

Products

Connect