AnsweredAssumed Answered

Android vulnerability related with stagefright

Question asked by Hui Fang Employee on Aug 7, 2015
Latest reply on Aug 18, 2015 by Matthias Schaff

There are several vulnerabilities been found recently as below:

    They are reported as CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828 and CVE-2015-3829.

All above vulnerabilities are related with stagefright’s stackoverflow, which exist all android version since JellyBean 4.2. The stagefright is the default Multimedia framework in Android’s AOSP source code.


To avoid attacking toward stagefright, it is recommended to have patches in this attach, which should be applied to myandroid/frameworks/av.

 

Reference:

https://github.com/WhisperSystems/TextSecure/issues/3817

Original Attachment has been moved to: kitkat-stagefright-patch.7z.zip

Outcomes