VAR-201511-0020
Vulnerability from variot - Updated: 2023-12-18 12:44The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file. Samsung Galaxy S6 Edge is a smartphone released by South Korea's Samsung. A remote attacker can leverage this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201511-0020",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "galaxy s6",
"scope": "eq",
"trust": 1.6,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s6",
"scope": "lt",
"trust": 0.8,
"vendor": "samsung",
"version": "edge g925vvru4b0g9"
},
{
"model": "galaxy s6",
"scope": null,
"trust": 0.6,
"vendor": "samsung",
"version": null
},
{
"model": "galaxy s6",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07655"
},
{
"db": "BID",
"id": "77422"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005937"
},
{
"db": "NVD",
"id": "CVE-2015-7897"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-264"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7897"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "natashenka, Google Security Research",
"sources": [
{
"db": "BID",
"id": "77422"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7897",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7897",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-07655",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7897",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-07655",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-264",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07655"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005937"
},
{
"db": "NVD",
"id": "CVE-2015-7897"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-264"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file. Samsung Galaxy S6 Edge is a smartphone released by South Korea\u0027s Samsung. \nA remote attacker can leverage this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7897"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005937"
},
{
"db": "CNVD",
"id": "CNVD-2015-07655"
},
{
"db": "BID",
"id": "77422"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7897",
"trust": 3.3
},
{
"db": "EXPLOIT-DB",
"id": "38611",
"trust": 1.6
},
{
"db": "PACKETSTORM",
"id": "134199",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005937",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-07655",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201511-264",
"trust": 0.6
},
{
"db": "BID",
"id": "77422",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07655"
},
{
"db": "BID",
"id": "77422"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005937"
},
{
"db": "NVD",
"id": "CVE-2015-7897"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-264"
}
]
},
"id": "VAR-201511-0020",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07655"
}
],
"trust": 1.10842494
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07655"
}
]
},
"last_update_date": "2023-12-18T12:44:57.946000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Galaxy S6 edge",
"trust": 0.8,
"url": "http://www.samsung.com/jp/product/galaxys6edge/"
},
{
"title": "Samsung Galaxy S6 Edge Memory Corruption Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/66899"
},
{
"title": "Samsung Galaxy S6 Edge Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=58751"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07655"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005937"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-264"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005937"
},
{
"db": "NVD",
"id": "CVE-2015-7897"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://code.google.com/p/google-security-research/issues/detail?id=499\u0026q=samsung"
},
{
"trust": 2.2,
"url": "http://googleprojectzero.blogspot.com/2015/11/hack-galaxy-hunting-bugs-in-samsung.html"
},
{
"trust": 1.6,
"url": "http://packetstormsecurity.com/files/134199/samsung-galaxy-s6-android.media.process-face-recognition-memory-corruption.html"
},
{
"trust": 1.6,
"url": "https://www.exploit-db.com/exploits/38611/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7897"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7897"
},
{
"trust": 0.8,
"url": "http://googleprojectzero.blogspot.jp/2015/11/hack-galaxy-hunting-bugs-in-samsung.html"
},
{
"trust": 0.6,
"url": "https://code.google.com/p/google-security-research/issues/detail?id=499\u0026amp;q=samsung"
},
{
"trust": 0.3,
"url": "http://www.samsung.com/"
},
{
"trust": 0.3,
"url": "http://googleprojectzero.blogspot.ie/2015/11/hack-galaxy-hunting-bugs-in-samsung.html"
},
{
"trust": 0.3,
"url": "https://code.google.com/p/google-security-research/issues/detail?id=499"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07655"
},
{
"db": "BID",
"id": "77422"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005937"
},
{
"db": "NVD",
"id": "CVE-2015-7897"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-264"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-07655"
},
{
"db": "BID",
"id": "77422"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005937"
},
{
"db": "NVD",
"id": "CVE-2015-7897"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-264"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07655"
},
{
"date": "2015-11-03T00:00:00",
"db": "BID",
"id": "77422"
},
{
"date": "2015-11-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005937"
},
{
"date": "2015-11-16T19:59:06.707000",
"db": "NVD",
"id": "CVE-2015-7897"
},
{
"date": "2015-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-264"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07655"
},
{
"date": "2015-11-03T00:00:00",
"db": "BID",
"id": "77422"
},
{
"date": "2015-11-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005937"
},
{
"date": "2015-11-17T17:54:53.857000",
"db": "NVD",
"id": "CVE-2015-7897"
},
{
"date": "2015-11-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-264"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-264"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samsung Galaxy S6 edge of android.media.process Vulnerability in the media scanning function of the face recognition library",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005937"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-264"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…