CVE-2015-6602

Android < 5.1.1 - Remote Code Execution via Crafted MP3/MP4 Metadata

Title source: llm
STIX 2.1

Description

libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.

Scores

EPSS 0.0316
EPSS Percentile 86.5%

Details

CWE
CWE-20
Status published
Products (1)
google/android < 5.1.1
Published Oct 02, 2015
Tracked Since Feb 18, 2026