Unrated severityNVD Advisory· Published Oct 2, 2015· Updated May 6, 2026

CVE-2015-6602

Description

libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.

Affected products

Google/Android
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
Range: <=5.1.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securitytracker.com/id/1033725nvd
blog.zimperium.com/zimperium-zlabs-is-raising-the-volume-new-vulnerability-processing-mp3mp4-media/nvd
support.silentcircle.com/customer/en/portal/articles/2145864-privatos-1-1-12-release-notesnvd
threatpost.com/stagefright-2-0-vulnerabilities-affect-1-billion-android-devices/114863/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000