Back to all categorys

Remote Code Execution Vulnerability in Mediaserver

CVE-2015-3864

(json)

• CVE numbers: CVE-2015-3864 [Bulletin-CVE-2015-3864]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Mediaserver
• Details: Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824. [NIST-CVE-2015-3864]
• Discovered by: on: Unknown
• Reported on: 2015-09-01 [Bulletin-CVE-2015-3864]
• Fixed on: 2015-08-07 [ANDROID-23034759]
• Fix released on: Unknown
• Affected versions: 5.1 and below [Bulletin-CVE-2015-3864] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-3864]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0804

(json)

• CVE numbers: CVE-2016-0804 [Bulletin-CVE-2016-0804]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Mediaserver
• Details: The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25070434. [NIST-CVE-2016-0804]
• Discovered by: on: Unknown
• Reported on: 2016-02-01 [Bulletin-CVE-2016-0804]
• Fixed on: 2015-10-19 [ANDROID-25070434]
• Fix released on: Unknown
• Affected versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0804] regex: (5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-0804]
• Fixed versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0804]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2015-6636

(json)

• CVE numbers: CVE-2015-6636 [Bulletin-CVE-2015-6636]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Mediaserver
• Details: mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670. [NIST-CVE-2015-6636]
• Discovered by: on: Unknown
• Reported on: 2016-01-01 [Bulletin-CVE-2015-6636]
• Fixed on: 2015-10-27 [ANDROID-25070493]
• Fix released on: Unknown
• Affected versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6636] regex: (5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2015-6636]
• Fixed versions: 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2015-6636]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0803

(json)

• CVE numbers: CVE-2016-0803 [Bulletin-CVE-2016-0803]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Mediaserver
• Details: libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794. [NIST-CVE-2016-0803]
• Discovered by: on: Unknown
• Reported on: 2016-02-01 [Bulletin-CVE-2016-0803]
• Fixed on: 2015-11-20 [ANDROID-25812794]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0803] regex: (4.4.4)|(5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-0803]
• Fixed versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0803]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0836

(json)

• CVE numbers: CVE-2016-0836 [Bulletin-CVE-2016-0836]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Mediaserver
• Details: Stack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25812590. [NIST-CVE-2016-0836]
• Discovered by: on: Unknown
• Reported on: 2016-04-02 [Bulletin-CVE-2016-0836]
• Fixed on: 2015-11-24 [ANDROID-25812590]
• Fix released on: Unknown
• Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0836] regex: (6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-0836]
• Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0836]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0839

(json)

• CVE numbers: CVE-2016-0839 [Bulletin-CVE-2016-0839]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Mediaserver
• Details: post_proc/volume_listener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25753245. [NIST-CVE-2016-0839]
• Discovered by: on: Unknown
• Reported on: 2016-04-02 [Bulletin-CVE-2016-0839]
• Fixed on: 2015-12-03 [ANDROID-25753245]
• Fix released on: Unknown
• Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0839] regex: (6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-0839]
• Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0839]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0835

(json)

• CVE numbers: CVE-2016-0835 [Bulletin-CVE-2016-0835]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Mediaserver
• Details: decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a certain negative value, aka internal bug 26070014. [NIST-CVE-2016-0835]
• Discovered by: on: Unknown
• Reported on: 2016-04-02 [Bulletin-CVE-2016-0835]
• Fixed on: 2015-12-31 [ANDROID-26070014]
• Fix released on: Unknown
• Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0835] regex: (6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-0835]
• Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0835]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0816

(json)

• CVE numbers: CVE-2016-0816 [Bulletin-CVE-2016-0816]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Mediaserver
• Details: mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803. [NIST-CVE-2016-0816]
• Discovered by: on: Unknown
• Reported on: 2016-03-01 [Bulletin-CVE-2016-0816]
• Fixed on: 2016-01-07 [ANDROID-25928803]
• Fix released on: Unknown
• Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0816] regex: (6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-0816]
• Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0816]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0815

(json)

• CVE numbers: CVE-2016-0815 [Bulletin-CVE-2016-0815]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Mediaserver
• Details: The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349. [NIST-CVE-2016-0815]
• Discovered by: on: Unknown
• Reported on: 2016-03-01 [Bulletin-CVE-2016-0815]
• Fixed on: 2016-01-12 [ANDROID-26365349]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0815] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-0815]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0815]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0838

(json)

• CVE numbers: CVE-2016-0838 [Bulletin-CVE-2016-0838]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Mediaserver
• Details: Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to arm-wt-22k/lib_src/eas_wtengine.c and arm-wt-22k/lib_src/eas_wtsynth.c, aka internal bug 26366256. [NIST-CVE-2016-0838]
• Discovered by: on: Unknown
• Reported on: 2016-04-02 [Bulletin-CVE-2016-0838]
• Fixed on: 2016-01-12 [2]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0838] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-0838]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0838]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0840

(json)

• CVE numbers: CVE-2016-0840 [Bulletin-CVE-2016-0840]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Mediaserver
• Details: Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26399350. [NIST-CVE-2016-0840]
• Discovered by: on: Unknown
• Reported on: 2016-04-02 [Bulletin-CVE-2016-0840]
• Fixed on: 2016-02-17 [ANDROID-26399350]
• Fix released on: Unknown
• Affected versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0840] regex: (6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-0840]
• Fixed versions: 6.0, 6.0.1 [Bulletin-CVE-2016-0840]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0841

(json)

• CVE numbers: CVE-2016-0841 [Bulletin-CVE-2016-0841]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Mediaserver
• Details: media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26040840. [NIST-CVE-2016-0841]
• Discovered by: on: Unknown
• Reported on: 2016-04-02 [Bulletin-CVE-2016-0841]
• Fixed on: 2016-02-18 [ANDROID-26040840]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0841] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-0841]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0841]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-0837

(json)

• CVE numbers: CVE-2016-0837 [Bulletin-CVE-2016-0837]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Mediaserver
• Details: MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted media file, aka internal bug 27208621. [NIST-CVE-2016-0837]
• Discovered by: on: Unknown
• Reported on: 2016-04-02 [Bulletin-CVE-2016-0837]
• Fixed on: 2016-02-23 [ANDROID-27208621]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0837] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-0837]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0837]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2429

(json)

• CVE numbers: CVE-2016-2429 [Bulletin-CVE-2016-2429]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Mediaserver
• Details: libFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted media file, aka internal bug 27211885. [NIST-CVE-2016-2429]
• Discovered by: on: Unknown
• Reported on: 2016-05-01 [Bulletin-CVE-2016-2429]
• Fixed on: 2016-03-11 [27211885]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2429] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-2429]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2429]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2428

(json)

• CVE numbers: CVE-2016-2428 [Bulletin-CVE-2016-2428]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Mediaserver
• Details: libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly limit the number of threads, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted media file, aka internal bug 26751339. [NIST-CVE-2016-2428]
• Discovered by: on: Unknown
• Reported on: 2016-05-01 [Bulletin-CVE-2016-2428]
• Fixed on: 2016-03-21 [26751339]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2428] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-2428]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2428]
• Submission: by: Daniel Carter, on: 2019-07-29

CVE-2016-2463

(json)

• CVE numbers: CVE-2016-2463 [Bulletin-CVE-2016-2463]
• Coordinated disclosure?: unknown
• Categories: Remote Code Execution Vulnerability in Mediaserver
• Details: Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation, aka internal bug 27855419. [NIST-CVE-2016-2463]
• Discovered by: on: Unknown
• Reported on: 2016-06-01 [Bulletin-CVE-2016-2463]
• Fixed on: 2016-04-08 [27855419]
• Fix released on: Unknown
• Affected versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2463] regex: (4.4.4)|(5.0.2)|(5.1.1)|(6.0.[0-9])|(6.0.1)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-2463]
• Fixed versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-2463]
• Submission: by: Daniel Carter, on: 2019-07-29