CVE-2015-6602

Published: Oct 2, 2015Modified: May 6, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.

Affected (1)

Products: Google: Android

Google

1 product

Android

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Android	Up to 5.1.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

http://www.securitytracker.com/id/1033725

Source: security@android.com

https://blog.zimperium.com/zimperium-zlabs-is-raising-the-volume-new-vulnerability-processing-mp3mp4-media/

Source: security@android.com

https://support.silentcircle.com/customer/en/portal/articles/2145864-privatos-1-1-12-release-notes

Source: security@android.com

https://threatpost.com/stagefright-2-0-vulnerabilities-affect-1-billion-android-devices/114863/

Source: security@android.com

http://www.securitytracker.com/id/1033725

Source: af854a3a-2127-422b-91ae-364da2661108

https://blog.zimperium.com/zimperium-zlabs-is-raising-the-volume-new-vulnerability-processing-mp3mp4-media/

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.silentcircle.com/customer/en/portal/articles/2145864-privatos-1-1-12-release-notes

Source: af854a3a-2127-422b-91ae-364da2661108

https://threatpost.com/stagefright-2-0-vulnerabilities-affect-1-billion-android-devices/114863/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.