Vulnerability Description
libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.
CVSS Score
9.3
HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | <= 5.1.1 |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id/1033725
- https://blog.zimperium.com/zimperium-zlabs-is-raising-the-volume-new-vulnerabili
- https://support.silentcircle.com/customer/en/portal/articles/2145864-privatos-1-
- https://threatpost.com/stagefright-2-0-vulnerabilities-affect-1-billion-android-
- http://www.securitytracker.com/id/1033725
- https://blog.zimperium.com/zimperium-zlabs-is-raising-the-volume-new-vulnerabili
- https://support.silentcircle.com/customer/en/portal/articles/2145864-privatos-1-
- https://threatpost.com/stagefright-2-0-vulnerabilities-affect-1-billion-android-
FAQ
What is CVE-2015-6602?
CVE-2015-6602 is a vulnerability with a CVSS score of 9.3 (HIGH). libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by li...
How severe is CVE-2015-6602?
CVE-2015-6602 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-6602?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.