CVE-2016-0840

Name of the Vulnerable Software and Affected Versions Android versions prior to 2016-04-01

Description The issue is caused by multiple stack-based buffer underflows in the decoder/ih264d parse cavlc.c function of the mediaserver component in Android. This allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file.

Recommendations For Android versions prior to 2016-04-01, update the system to a version released after 2016-04-01 to resolve the issue. As a temporary workaround, consider restricting the use of the mediaserver component or avoiding the use of crafted media files until the issue is resolved.