Google · Android · CVE-2016-2507
**Name of the Vulnerable Software and Affected Versions**
Android versions 4.x through 4.4.3
Android versions 5.0.x through 5.0.1
Android versions 5.1.x through 5.1.0
Android versions 6.x before 2016-07-01
**Description**
The issue is related to an integer overflow in the `h264bsd storage.c` file within the `libstagefright` component of the `mediaserver` in Android. This allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted media file.
**Recommendations**
For Android versions 4.x through 4.4.3, update to version 4.4.4 or later.
For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later.
For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later.
For Android versions 6.x before 2016-07-01, update to a version released on or after 2016-07-01.