What is the severity of CVE-2015-3829?

CVE-2015-3829 has a high severity due to its potential to allow remote code execution or denial of service.

How do I fix CVE-2015-3829?

To fix CVE-2015-3829, update the Android software to version 5.1.1 LMY48I or later.

What types of attacks can CVE-2015-3829 enable?

CVE-2015-3829 can enable remote attackers to execute arbitrary code and cause denial of service.

Which versions of Android are affected by CVE-2015-3829?

CVE-2015-3829 affects Android versions prior to 5.1.1 LMY48I.

What is the root cause of CVE-2015-3829?

The root cause of CVE-2015-3829 is an off-by-one error in the MPEG4Extractor::parseChunk function.

Vulnerability/
CVE-2015-3829

critical

CWE

189 190

1/10/2015

6/8/2024

CVE-2015-3829: Integer Overflow

First published: Thu Oct 01 2015(Updated: )

Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261.

Credit: security@android.com

Affected Software	Affected Version	How to fix
Android	<=5.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-3829?
CVE-2015-3829 has a high severity due to its potential to allow remote code execution or denial of service.
How do I fix CVE-2015-3829?
To fix CVE-2015-3829, update the Android software to version 5.1.1 LMY48I or later.
What types of attacks can CVE-2015-3829 enable?
CVE-2015-3829 can enable remote attackers to execute arbitrary code and cause denial of service.
Which versions of Android are affected by CVE-2015-3829?
CVE-2015-3829 affects Android versions prior to 5.1.1 LMY48I.
What is the root cause of CVE-2015-3829?
The root cause of CVE-2015-3829 is an off-by-one error in the MPEG4Extractor::parseChunk function.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/severity
agent/author
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/google
canonical/android
version/android/5.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.