icon

We found results for “

CVE-2015-3836

Good to know:

icon

Date: September 30, 2015

The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF data, aka internal bug 21132860.

Language: C

Severity Score

Severity Score

Weakness Type (CWE)

Numeric Errors

CWE-189

Top Fix

icon

Upgrade Version

Upgrade to version android-5.1.1_r9

Learn More

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us