The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF data, aka internal bug 21132860.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: google_android
Published: 2015-10-01T00:00:00
Updated: 2024-08-06T05:56:15.879Z
Reserved: 2015-05-12T00:00:00
Link: CVE-2015-3836
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-10-01T00:59:20.467
Modified: 2024-11-21T02:29:56.820
Link: CVE-2015-3836
Redhat
No data.