
CVE-2015-6612

Published: 03/11/2015 Updated: 12/02/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

libmedia in Android prior to 5.1.1 LMY48X and 6.0 prior to 2015-11-01 allows malicious users to gain privileges via a crafted application, aka internal bug 23540426.

Vulnerable Product

google android 6.0

google android

Github Repositories

cve-2015-6612: POC for M, reported by me and @WenXu from Keen. Put this under ANDROIDSRCROOT/frameworks/av/media/decrytpoc/ and cd into it && calling mm

CVE-2015-6612: For the details of the vulnerability, please refer to descriptionpdf. My sad story about this bug: I reported this issue to ZDI last March. At the beginning, they said they couldn't reproduce it in the latest Android; after half a month of communication, they decided not to pursue acquisition of the bug. Held this bug for a long time, and I reported it to Google at Au

Recent Articles

Google roasts critical twin Android bugs in new Marshmallow OS
The Register • Darren Pauli • 03 Nov 2015

Privilege escalation and remote code execution feature in fourth droid patch run.

Google has patched two critical remote code execution vulnerabilities as part of a suite of seven fixes in its fourth round of Android patching since August. The over-the-air updates are set to hit Nexus, Samsung, and Android Open Source Project (AOSP) devices first for Google's latest Marshmallow Android operating system. Google informed "partners" on 5 October and patch source code is set to hit the AOSP soon. Two flaws rated critical include libutils (CVE-2015-6609) and mediaserver (CVE-2015-6608...