CVE-2015-1474
Android < 5.0 - Integer Overflow and Heap Corruption in GraphicBuffer::unflatten
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2015-1474. PoCs published by p1gl3t.
AI-analyzed exploit summary This PoC exploits CVE-2015-1474 by crafting a malicious Parcel to crash SurfaceFlinger during deserialization, leveraging a modified screencap command. It manipulates the BufferQueue and BnGraphicBufferProducer to trigger the vulnerability.
Description
Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values.
Exploits (1)
This PoC exploits CVE-2015-1474 by crafting a malicious Parcel to crash SurfaceFlinger during deserialization, leveraging a modified screencap command. It manipulates the BufferQueue and BnGraphicBufferProducer to trigger the vulnerability.