1
Candidate: CVE-2015-3826
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3826
5
https://plus.google.com/+CyanogenMod/posts/7iuX21Tz7n8
7
The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in
8
libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum
9
size for UTF-16 strings containing a Byte Order Mark (BOM), which allows
10
remote attackers to cause a denial of service (integer underflow, buffer
11
over-read, and mediaserver process crash) via crafted 3GPP metadata, aka
12
internal bug 20923261, a related issue to CVE-2015-3828.
15
jdstrand> please see CVE-2015-1538 for details until more information is
17
jdstrand> Ubuntu 14.04 is affected but no supported images use it
23
Tags_android: apparmor
26
upstream_android: pending
28
trusty_android: ignored
29
vivid_android: ignored
30
vivid/stable-phone-overlay_android: ignored
31
vivid/ubuntu-core_android: DNE
33
devel_android: ignored