CVE-2015-1538

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.1.1 LMY48I

Description The issue is related to an integer overflow in the SampleTable::setSampleToChunkParams function in libstagefright in Android. This allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication. The vulnerability can be exploited to remotely execute code in affected devices.

Recommendations For Android versions prior to 5.1.1 LMY48I, update to version 5.1.1 LMY48I or later to resolve the issue. As a temporary workaround, consider restricting the use of the libstagefright library to minimize the risk of exploitation. Avoid using the SampleTable::setSampleToChunkParams function until a patch is available.