CVE-2015-3827

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.1.1 LMY48I

Description The issue is related to an integer underflow in the MPEG4Extractor::parseChunk function of the libstagefright library in Android. This can be exploited by a remote attacker using specially crafted MPEG-4 data, potentially allowing the execution of arbitrary code or causing a denial of service due to memory corruption. The vulnerability can be triggered via crafted MPEG-4 covr atoms.

Recommendations For Android versions prior to 5.1.1 LMY48I, update to version 5.1.1 LMY48I or later to resolve the issue. As a temporary workaround, consider restricting the use of the MPEG4Extractor::parseChunk function until a patch is available. Avoid using the libstagefright library to parse untrusted MPEG-4 data until the issue is resolved.