CVE-2015-1474

Name of the Vulnerable Software and Affected Versions Android versions through 5.0

Description The issue is related to multiple integer overflows. Exploitation of these overflows may allow an attacker to gain privileges or cause a denial of service by passing a large number of file descriptors or integer values. Specifically, the GraphicBuffer::unflatten function in the platform/frameworks/native/libs/ui/GraphicBuffer.cpp is affected.

Recommendations For Android versions through 5.0, consider restricting access to the GraphicBuffer::unflatten function as a temporary workaround until a patch is available. Additionally, avoid using large numbers of file descriptors or integer values in affected API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.