The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF data, aka internal bug 21132860.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published: 2015-10-01T00:00:00

Updated: 2024-08-06T05:56:15.879Z

Reserved: 2015-05-12T00:00:00

Link: CVE-2015-3836

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2015-10-01T00:59:20.467

Modified: 2024-11-21T02:29:56.820

Link: CVE-2015-3836

cve-icon Redhat

No data.