VYPR
Unrated severityNVD Advisory· Published Oct 1, 2015· Updated Jun 17, 2026

CVE-2015-3836

CVE-2015-3836

Description

The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF data, aka internal bug 21132860.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Google/Android2 versions
    cpe:2.3:o:google:android:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:google:android:*:*:*:*:*:*:*:*range: <=5.1
    • (no CPE)range: <5.1.1 LMY48I
  • Google/Sonivoxllm-create
    Range: <5.1.1 LMY48I

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.