CVE-2015-3876

Name of the Vulnerable Software and Affected Versions Android versions through 5.1.1 LMY48M

Description The issue exists due to insufficient input validation in the libstagefright library of the Android operating system. It allows a remote attacker to execute arbitrary code by using specially crafted metadata in MP3 or MP4 files.

Recommendations For Android versions through 5.1.1 LMY48M, consider restricting access to MP3 and MP4 files from untrusted sources to minimize the risk of exploitation. As a temporary workaround, avoid using the libstagefright library until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.