Remote Code Execution Vulnerabilities in libutils

CVE numbers: CVE-2015-3875 [Bulletin-CVE-2015-3875]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libutils
Details: libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485. [NIST-CVE-2015-3875]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-3875]
Fixed on: 2015-08-18 [ANDROID-22952485]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-3875] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-3875]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE numbers: CVE-2015-6602 [Bulletin-CVE-2015-6602]
Coordinated disclosure?: unknown
Categories: Remote Code Execution Vulnerabilities in libutils
Details: libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x. [NIST-CVE-2015-6602]
Discovered by: on: Unknown
Reported on: 2015-10-01 [Bulletin-CVE-2015-6602]
Fixed on: 2015-08-20 [ANDROID-23290056]
Fix released on: Unknown
Affected versions: 5.1 and below [Bulletin-CVE-2015-6602] regex: ([1-4].[0-9].[0-9])|(5.[0-1].[0-9])
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2015-6602]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

AndroidVulnerabilities.org