Android vulnerability related with stagefright

Document created by Karina Valencia Aguilar Employee on Aug 17, 2015Last modified by Karina Valencia Aguilar Employee on Aug 17, 2015
Version 3Show Document
  • View in full screen mode

There are several vulnerabilities been found recently as below:

    They are reported as CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828 and CVE-2015-3829.

 

 

All above vulnerabilities are related with stagefright’s stackoverflow, which exist all android version since JellyBean 4.2. The stagefright is the default Multimedia framework in Android’s AOSP source code.

 

To avoid attacking toward stagefright, it is recommended to have patches in this attach, which should be applied to myandroid/frameworks/av.

 

Reference:

https://github.com/WhisperSystems/TextSecure/issues/381

 

This document was generated from the following discussion: Android vulnerability related with stagefright

 

Created by Hui Fang

Outcomes