libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.6% and no vendor patch available.
mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 17769851, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
Wi-Fi in Android 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24872703. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.