Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-3864 PoC — Android mediaserver组件数字错误漏洞

Source
https://github.com/HenryVHuang/CVE-2015-3864
Associated Vulnerability
Title:Android mediaserver组件数字错误漏洞 (CVE-2015-3864)
Description:Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824.
Description
just some research notes
File Snapshot

 [4.0K]  /data/pocs/f1befedb0f7a218a8c2f6a781298c12f137931f8
├── [ 100]  google.poc
├── [ 64K]  hahahahah.mp4
├── [ 67K]  last_try.mp4
├── [ 64K]  lol1.mp4
├── [ 906]  mk_final.py
├── [ 880]  mk_mp4.py
├── [ 620]  plzzzzzzzzzzzzzzzzzzzzzzzzzz.mp4
├── [9.9K]  poc2.mp4
├── [ 100]  poc3.mp4
├── [ 64K]  poc4.mp4
├── [9.9K]  poc.mp4
└── [   0]  something.mp4

0 directories, 12 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →