What is CVE-2015-3827?

CVE-2015-3827 is a vulnerability in Google Android, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2015-10-01.

Is CVE-2015-3827 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Google Android

CVE-2015-3827

The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary code o…

Vulnerability class: Buffer Overflow

EPSS: 0.811 (99.6th percentile) — read the EPSS interpretation.

Affected products

Google Android
N/a — versions n/a

Weakness classification (CWE)

Public proof-of-concept exploits

mrash/afl-cve

References

1033094 (vdb-entry, x_refsource_SECTRACK)
76052 (vdb-entry, x_refsource_BID)
security@android.com (x_refsource_CONFIRM)
security@android.com (x_refsource_CONFIRM)
security@android.com (x_refsource_CONFIRM, Vendor Advisory)
[android-security-updates] 20150812 Nexus Security Bulletin (August 2015) (Vendor Advisory, mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2015-3827?: CVE-2015-3827 is a vulnerability in Google Android, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2015-10-01.
Is CVE-2015-3827 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.