CVE-2015-1474

Critical

Description

Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values.

References

https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf

https://android.googlesource.com/platform/frameworks/native/+/38803268570f90e97452cd9a30ac831661829091

http://www.securitytracker.com/id/1031875

http://www.securityfocus.com/bid/72788

http://seclists.org/fulldisclosure/2015/Mar/63

Details

Source: Mitre, NVD

Published: 2015-02-16

Updated: 2017-09-29

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical