CVE-2015-1538

Android < 5.1 - Remote Code Execution via MP4 Atom Integer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 8 public exploits for CVE-2015-1538. PoCs published by Joshua J. Drake, jduck, oguzhantopgul.

AI-analyzed exploit summary This exploit targets CVE-2015-1538, an integer overflow in libstagefright's MP4 'stsc' atom handling, leading to a heap overflow. It constructs a malicious MP4 file with a ROP chain and reverse shell payload for remote code execution on vulnerable Android devices.

Description

Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496.

Exploits (8)

exploitdb WORKING POC VERIFIED
by Joshua J. Drake · pythonremoteandroid
https://www.exploit-db.com/exploits/38124

This exploit targets CVE-2015-1538, an integer overflow in libstagefright's MP4 'stsc' atom handling, leading to a heap overflow. It constructs a malicious MP4 file with a ROP chain and reverse shell payload for remote code execution on vulnerable Android devices.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Android libstagefright (versions prior to patch for CVE-2015-1538)
No auth needed
Prerequisites: Network access to deliver the malicious MP4 file · Vulnerable Android device with affected libstagefright version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 205 stars
by jduck · poc
https://github.com/jduck/cve-2015-1538-1

This is a functional exploit for CVE-2015-1538, targeting an integer overflow in the libstagefright MP4 'stsc' atom handling. It generates a malicious MP4 file to achieve remote code execution (RCE) as the media user on vulnerable Android devices.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Racy
Target: Android libstagefright (Android 4.0.4, Galaxy Nexus)
No auth needed
Prerequisites: Target device must be running Android 4.0.4 with partial ASLR · Delivery mechanism (e.g., MMS) to send the malicious MP4 file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 3 stars
by oguzhantopgul · poc
https://github.com/oguzhantopgul/cve-2015-1538-1

This is a functional exploit for CVE-2015-1538, targeting an integer overflow in the libstagefright MP4 'stsc' atom handling in Android. It generates a malicious MP4 file to achieve remote code execution (RCE) via a reverse shell as the media user.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Racy
Target: Android libstagefright (tested on Galaxy Nexus, Android 4.0.4)
No auth needed
Prerequisites: Target device with vulnerable libstagefright version · Delivery mechanism (e.g., MMS, malicious link)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP 2 stars
by Tharana · poc
https://github.com/Tharana/vulnerability-exploitation

The repository contains a README.md file mentioning multiple CVEs, including CVE-2015-1538 (Stagefright RCE), but lacks actual exploit code or technical details. It appears to be a placeholder or incomplete writeup.

Classification
Writeup 30%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: Google Android (Stagefright)
No auth needed
Prerequisites: none specified
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP 1 stars
by Tharana · poc
https://github.com/Tharana/Android-vulnerability-exploitation

The repository contains a README file discussing CVE-2015-1538, a Stagefright vulnerability in Google Android, but lacks actual exploit code or technical details. It appears to be a placeholder or incomplete writeup.

Classification
Writeup 30%
Attack Type
Rce
Complexity
Theoretical
Reliability
Theoretical
Target: Google Android (Stagefright)
No auth needed
Prerequisites: None specified
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by renjithsasidharan · poc
https://github.com/renjithsasidharan/cve-2015-1538-1

This is a functional exploit for CVE-2015-1538, targeting an integer overflow in the libstagefright MP4 'stsc' atom handling. It generates a malicious MP4 file that triggers a heap overflow, leading to remote code execution (reverse shell) as the media user on vulnerable Android devices.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Racy
Target: Android libstagefright (Android 4.0.4, Galaxy Nexus)
No auth needed
Prerequisites: Target device must be running Android 4.0.4 with partial ASLR · Attacker must deliver the malicious MP4 via MMS or another vector
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec STUB
by xsleaksiki · poc
https://github.com/xsleaksiki/cve

The repository contains a simple number-guessing game in Python, unrelated to CVE-2015-1538. No exploit code or vulnerability details are present.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: N/A
No auth needed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by niranjanshr13 · poc
https://github.com/niranjanshr13/Stagefright-cve-2015-1538-1

This is a functional exploit for CVE-2015-1538, targeting an integer overflow in libstagefright's MP4 'stsc' atom handling. It generates a malicious MP4 file that can trigger remote code execution on vulnerable Android devices.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Android libstagefright (versions prior to patch for CVE-2015-1538)
No auth needed
Prerequisites: Vulnerable Android device · Delivery mechanism (e.g., MMS, malicious website)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033094
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/76052
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38124/

Scores

EPSS 0.9906
EPSS Percentile 99.9%

Details

CWE
CWE-189
Status published
Products (1)
google/android < 5.1
Published Oct 01, 2015
Tracked Since Feb 18, 2026