CVE-2016-0804

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.1.1 LMY49G Android 6.x versions prior to 2016-02-01

Description The issue arises from improper management of mDrmManagerClient objects in the NuPlayer::GenericSource::notifyPreparedAndCleanup function, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file.

Recommendations For Android versions prior to 5.1.1 LMY49G, update to version 5.1.1 LMY49G or later. For Android 6.x versions prior to 2016-02-01, update to a version released after 2016-02-01. As a temporary workaround, consider restricting access to media files from untrusted sources to minimize the risk of exploitation.