CVE-2016-0842

Name of the Vulnerable Software and Affected Versions Android 6.x versions prior to 2016-04-01

Description The issue exists due to the incorrect handling of Memory Management Control Operation (MMCO) data by the H.264 decoder in the libstagefright library of the Android operating system. This can be exploited by a remote attacker using a specially crafted media file, potentially allowing the execution of arbitrary code or causing a denial of service due to memory corruption.

Recommendations For Android 6.x versions prior to 2016-04-01, update the operating system to a version released after 2016-04-01 to resolve the issue. As a temporary workaround, consider avoiding the use of the H.264 decoder in libstagefright until a patch is available. Restrict access to media files from untrusted sources to minimize the risk of exploitation.