Sign-up

ID

VAR-201708-0035


CVE

CVE-2015-7896


TITLE

Samsung Galaxy S6 Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-007814

DESCRIPTION

LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file. Samsung Galaxy S6 Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Samsung LibQjpeg is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition

Trust: 1.89

sources: NVD: CVE-2015-7896 // JVNDB: JVNDB-2015-007814 // BID: 77425

AFFECTED PRODUCTS

vendor:samsungmodel:mobilescope:eqversion:7.1.2

Trust: 1.6

vendor:samsungmodel:mobilescope:eqversion:7.1

Trust: 1.6

vendor:samsungmodel:mobilescope:eqversion:5.0.2

Trust: 1.6

vendor:samsungmodel:mobilescope:eqversion:6.0.1

Trust: 1.6

vendor:samsungmodel:mobilescope:eqversion:7.0

Trust: 1.6

vendor:samsungmodel:mobilescope:eqversion:5.1

Trust: 1.6

vendor:samsungmodel:mobilescope:eqversion:6.0

Trust: 1.6

vendor:samsungmodel:mobilescope:eqversion:5.1.1

Trust: 1.6

vendor:samsungmodel:mobilescope:eqversion:7.1.1

Trust: 1.6

vendor:samsungmodel:mobilescope:eqversion:5.0.1

Trust: 1.6

vendor:samsungmodel:mobilescope:eqversion:5.0

Trust: 1.0

vendor:samsungmodel:mobilescope: - version: -

Trust: 0.8

vendor:samsungmodel:galaxy s6scope:eqversion:0

Trust: 0.3

sources: BID: 77425 // JVNDB: JVNDB-2015-007814 // CNNVD: CNNVD-201512-665 // NVD: CVE-2015-7896

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7896
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7896
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201512-665
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2015-7896
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2015-7896
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2015-007814 // CNNVD: CNNVD-201512-665 // NVD: CVE-2015-7896

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2015-007814 // NVD: CVE-2015-7896

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-665

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201512-665

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-007814

PATCH
title:Issue 498url:https://bugs.chromium.org/p/project-zero/issues/detail?id=498&redir=1
Trust: 0.8
title:Galaxy S6url:http://www.galaxymobile.jp/galaxy-s6/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-007814

EXTERNAL IDS
db:NVDid:CVE-2015-7896
Trust: 2.7
db:BIDid:77425
Trust: 1.9
db:PACKETSTORMid:134198
Trust: 1.6
db:EXPLOIT-DBid:38612
Trust: 1.6
db:JVNDBid:JVNDB-2015-007814
Trust: 0.8
db:CNNVDid:CNNVD-201512-665
Trust: 0.6
sources:
            
            
            BID: 77425 // 
            
            
            
            JVNDB: JVNDB-2015-007814 // 
            
            
            
            CNNVD: CNNVD-201512-665 // 
            
            
            
            NVD: CVE-2015-7896

REFERENCES
url:http://www.securityfocus.com/bid/77425
Trust: 1.6
url:http://packetstormsecurity.com/files/134198/samsung-galaxy-s6-libqjpeg-dointegralupsample-crash.html
Trust: 1.6
url:https://bugs.chromium.org/p/project-zero/issues/detail?id=498&redir=1
Trust: 1.6
url:https://www.exploit-db.com/exploits/38612/
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7896
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-7896
Trust: 0.8
url:https://code.google.com/p/google-security-research/issues/detail?id=498
Trust: 0.3
url:http://www.samsung.com/
Trust: 0.3
sources:
            
            
            BID: 77425 // 
            
            
            
            JVNDB: JVNDB-2015-007814 // 
            
            
            
            CNNVD: CNNVD-201512-665 // 
            
            
            
            NVD: CVE-2015-7896

CREDITS
Natashenka
Trust: 0.9
sources:
            
            
            BID: 77425 // 
            
            
            
            CNNVD: CNNVD-201512-665

SOURCES
db:BIDid:77425
db:JVNDBid:JVNDB-2015-007814
db:CNNVDid:CNNVD-201512-665
db:NVDid:CVE-2015-7896

LAST UPDATE DATE
2024-11-23T22:26:43.615000+00:00

SOURCES UPDATE DATE
db:BIDid:77425date:2015-11-03T00:00:00
db:JVNDBid:JVNDB-2015-007814date:2017-09-26T00:00:00
db:CNNVDid:CNNVD-201512-665date:2017-08-25T00:00:00
db:NVDid:CVE-2015-7896date:2024-11-21T02:37:37.653

SOURCES RELEASE DATE
db:BIDid:77425date:2015-11-03T00:00:00
db:JVNDBid:JVNDB-2015-007814date:2017-09-26T00:00:00
db:CNNVDid:CNNVD-201512-665date:2015-11-03T00:00:00
db:NVDid:CVE-2015-7896date:2017-08-24T20:29:00.547