CVE-2015-3864

EPSS 87.1%

Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824.

Affected products

n/a · n/a

public PoCs found — 11

githubgithub.com/eudemonics/scaredycat★ 17 githubgithub.com/pwnaccelerator/stagefright-cve-2015-3864★ 3 githubgithub.com/Bhathiya404/Exploiting-Stagefright-Vulnerability-CVE-2015-3864★ 0 githubgithub.com/Cmadhushanka/CVE-2015-3864-Exploitation★ 0 githubgithub.com/HenryVHuang/CVE-2015-3864★ 0 cve_referencewww.exploit-db.com/exploits/38226/unverified exploitdbwww.exploit-db.com/exploits/39640unverified cve_referencewww.exploit-db.com/exploits/39640/unverified cve_referencewww.exploit-db.com/exploits/40436/unverified exploitdbwww.exploit-db.com/exploits/38226unverified exploitdbwww.exploit-db.com/exploits/40436unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://android.googlesource.com/platform/frameworks/av/+/6fe85f7e15203e48df2cc3e8e1c4bc6ad49dc968 https://blog.zimperium.com/cve-2015-3864-metasploit-module-now-available-for-testing/https://blog.zimperium.com/reflecting-on-stagefright-patches/https://groups.google.com/forum/message/raw?msg=android-security-updates/1M7qbSvACjo/Y7jewiW1AwAJ https://www.exploit-db.com/exploits/38226/https://www.exploit-db.com/exploits/39640/https://www.exploit-db.com/exploits/40436/http://www.securityfocus.com/bid/76682