arb33

CVE numbers: CVE-2015-6602 [zimperium-stagefright2], CVE-2015-3876 [android-security-october][archived]
Coordinated disclosure?: true
Categories: system, network
Details: Meet Stagefright 2.0, a set of two vulnerabilities that manifest when processing specially crafted MP3 audio or MP4 video files. The first vulnerability (in libutils) impacts almost every Android device since version 1.0 released in 2008. We found methods to trigger that vulnerability in devices running version 5.0 and up using the second vulnerability (in libstagefright). Google assigned CVE-2015-6602 to vulnerability in libutils. [zimperium-stagefright2]
Discovered by: Joshua J. Drake [zimperium-stagefright2] on: 2015-08-15 [zimperium-stagefright2]
Reported on: 2015-10-01 [zimperium-stagefright2]
Fixed on: Unknown
Fix released on: 2015-10-05 [register-stagefright2]
Affected versions: 5.1 and below [android-security-october][archived] regex: ([1-4].[0-9].[0-9])|(5.0.[0-9])|(5.1.[0-1])
Affected devices: all [zimperium-stagefright2]
Affected manufacturers: all [zimperium-stagefright2]
Fixed versions: 5.1.1, LMY48T or later, LMY48W [android-security-october][archived]
Submission: by: Daniel R. Thomas, on: 2015-10-06; by: Laurent Simon, on: 2015-10-02; by: Alastair R. Beresford, on: 2015-10-01

AndroidVulnerabilities.org