ID
VAR-E-201511-0182
CVE
| cve_id: | CVE-2015-7898 | Trust: 2.4 |
EDB ID
38610
TITLE
Samsung Galaxy S6 Samsung Gallery - GIF Parsing Crash - Android dos Exploit
Trust: 0.6
DESCRIPTION
Samsung Galaxy S6 Samsung Gallery - GIF Parsing Crash. CVE-2015-7898 . dos exploit for Android platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | samsung | model: | galaxy s6 samsung gallery | scope: | - | version: | - | Trust: 1.6 |
| vendor: | samsung | model: | galaxy s6 samsung gallery gif parsing | scope: | - | version: | - | Trust: 0.5 |
| vendor: | samsung | model: | galaxy s6 | scope: | eq | version: | 0 | Trust: 0.3 |
EXPLOIT
Source: https://code.google.com/p/google-security-research/issues/detail?id=500
There is a crash when the Samsung Gallery application load the attached GIF, colormap.gif.
D/skia (10905): GIF - Parse error
D/skia (10905): --- decoder->decode returned false
F/libc (10905): Fatal signal 11 (SIGSEGV), code 2, fault addr 0x89f725ac in tid 11276 (thread-pool-0)
I/DEBUG ( 2958): pid: 10905, tid: 11276, name: thread-pool-0 >>> com.sec.android.gallery3d <<<
I/DEBUG ( 2958): signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x89f725ac
I/DEBUG ( 2958): x0 0000000000000001 x1 0000000089f725ac x2 0000000000000000 x3 00000000fff9038c
I/DEBUG ( 2958): x4 0000007f9c300000 x5 000000000000001f x6 0000000000000001 x7 0000007f9c620048
I/DEBUG ( 2958): x8 0000000000000000 x9 0000000000000000 x10 0000000000000080 x11 0000000000003758
I/DEBUG ( 2958): x12 0000000000000020 x13 0000000000000020 x14 00000000000000a5 x15 000000000000001f
I/DEBUG ( 2958): x16 00000000ffffe4e3 x17 00000000000000a5 x18 0000007f9c300000 x19 0000007f9c61fc00
I/DEBUG ( 2958): x20 0000007f9c664080 x21 0000000089e76b2c x22 000000000000003b x23 0000000000000001
I/DEBUG ( 2958): x24 0000000000000020 x25 0000000000000020 x26 0000000000000020 x27 0000007f9c664080
I/DEBUG ( 2958): x28 00000000000001da x29 0000000032e89ae0 x30 0000007faad70e64
I/DEBUG ( 2958): sp 0000007f9cfff170 pc 0000007faad72dbc pstate 0000000080000000
I/DEBUG ( 2958):
I/DEBUG ( 2958): backtrace:
I/DEBUG ( 2958): #00 pc 000000000002ddbc /system/lib64/libSecMMCodec.so (ColorMap+200)
I/DEBUG ( 2958): #01 pc 000000000002be60 /system/lib64/libSecMMCodec.so (decodeGIF+340)
I/DEBUG ( 2958): #02 pc 000000000000c90c /system/lib64/libSecMMCodec.so (Java_com_sec_samsung_gallery_decoder_SecMMCodecInterface_nativeDecode+436)
I/DEBUG ( 2958): #03 pc 000000000042ec00 /system/priv-app/SecGallery2015/arm64/SecGallery2015.odex
To reproduce, download the file and open it in Gallery
Proof of Concept:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/38610.zip
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
GIF Parsing Crash
Trust: 1.6
TAGS
| tag: | exploit | Trust: 0.5 |
CREDITS
Google Security Research
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-7898 | Trust: 2.4 |
| db: | EXPLOIT-DB | id: | 38610 | Trust: 1.6 |
| db: | EDBNET | id: | 59687 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 134951 | Trust: 0.5 |
| db: | BID | id: | 77430 | Trust: 0.3 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2015-7898 | Trust: 2.1 |
| url: | https://code.google.com/p/google-security-research/issues/detail?id=500 | Trust: 1.0 |
| url: | https://www.exploit-db.com/exploits/38610/ | Trust: 0.6 |
| url: | http://www.samsung.com/ | Trust: 0.3 |
| url: | https://code.google.com/p/google-security-research/issues/detail?id=500&q=samsung | Trust: 0.3 |
SOURCES
| db: | BID | id: | 77430 |
| db: | PACKETSTORM | id: | 134951 |
| db: | EXPLOIT-DB | id: | 38610 |
| db: | EDBNET | id: | 59687 |
LAST UPDATE DATE
2022-07-27T09:51:53.461000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 77430 | date: | 2015-11-02T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 77430 | date: | 2015-11-02T00:00:00 |
| db: | PACKETSTORM | id: | 134951 | date: | 2015-12-18T00:42:45 |
| db: | EXPLOIT-DB | id: | 38610 | date: | 2015-11-03T00:00:00 |
| db: | EDBNET | id: | 59687 | date: | 2015-11-03T00:00:00 |