CVE-2015-3864

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.1.1 LMY48M

Description The issue is caused by an integer underflow in the MPEG4Extractor::parseChunk function in the libstagefright library of the Android operating system. This allows a remote attacker to execute arbitrary code by providing specially crafted MPEG-4 data. The vulnerability exists due to an incomplete fix for a previous issue.

Recommendations For Android versions prior to 5.1.1 LMY48M, update to version 5.1.1 LMY48M or later to resolve the issue. As a temporary workaround, consider restricting the use of the MPEG4Extractor::parseChunk function until a patch is available. Avoid using specially crafted MPEG-4 data in the affected API endpoint until the issue is resolved.