CVE-2015-6620

Google Android < 5.1.1 - Access Control

Title source: rule

Description

libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and 24445127.

Exploits (2)

nomisec WORKING POC 52 stars

by flankerhqd · poc

https://github.com/flankerhqd/mediacodecoob

View Code ZIP pw:eip

nomisec WORKING POC 38 stars

by flankerhqd · poc

https://github.com/flankerhqd/CVE-2015-6620-POC

View Code ZIP pw:eip

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

http://source.android.com/security/bulletin/2015-12-01.html

Scores

EPSS 0.1257

EPSS Percentile 94.0%

Details

CWE

CWE-264

Status published

Products (2)

google/android 6.0

google/android 5.0 - 5.1.1

Published Dec 08, 2015

Tracked Since Feb 18, 2026