CVE-2015-6610

Severity Level: High
AppRisk Coverage: Yes
Type: Vulnerability
OWASP: M4: Unintended Data Leakage
Aliases:

• Elevation of Privilege Vulnerability in libstagefright
• Stagefright 2.0

Platform: Android
File size (bytes): N/A
Filename: N/A
App title: N/A
MD5 Hash: N/A
SHA1 hash: N/A
Affected CVE:

• CVE-2015-6610

Details or analysis:

There is an elevation of privilege vulnerability in libstagefright that can enable a local malicious application to cause memory corruption and arbitrary code execution within the context of the mediaserver service.

Mediaserver service could be invoked when receiving media content from MMS messages, and browser playback of media. The mediaserver service has access to audio and video streams as well as access to privileges that third-party apps cannot normally access.

Reference:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6610
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6610
• https://source.android.com/security/bulletin/2015-11-01.html