
Ray Essick

Researcher from Google
#27104 of 53,624
9.3 Total CVSS
Vulnerabilities · 1
PT-2017-2044
9.3
2017-05-12
Google · Android · CVE-2017-0594
**Name of the Vulnerable Software and Affected Versions**

Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2

**Description**

An elevation of privilege issue in the `codecs/aacenc/SoftAACEncoder2.cpp` function of the `libstagefright` service in the `Mediaserver` application could allow a local malicious application to execute arbitrary code within the context of a privileged process. This issue could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application.

**Recommendations**

For versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, consider disabling the `SoftAACEncoder2.cpp` function as a temporary workaround until a patch is available. Restrict access to the `libstagefright` service to minimize the risk of exploitation. Avoid using the `Mediaserver` application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.