CVE-2016-0835

Name of the Vulnerable Software and Affected Versions Android versions prior to 2016-04-01

Description The issue is related to a buffer overflow in the decoder/impeg2d dec hdr.c function of the mediaserver component. This can be exploited by remote attackers using a specially crafted media file, which triggers a certain negative value, potentially leading to memory corruption or the execution of arbitrary code.

Recommendations For Android versions prior to 2016-04-01, update the system to a version released after 2016-04-01 to resolve the issue. As a temporary workaround, consider restricting the use of the mediaserver component or avoiding the playback of untrusted media files until a patch is available.