CVE-2016-2450

Name of the Vulnerable Software and Affected Versions Android versions prior to 4.4.4 Android 5.0.x versions prior to 5.0.2 Android 5.1.x versions prior to 5.1.1 Android 6.x versions prior to 2016-05-01

Description The issue is related to the function codecs/on2/enc/SoftVPXEncoder.cpp in libstagefright component of the mediaserver in Android, which does not validate OMX buffer sizes. This allows attackers to gain privileges via a crafted application, potentially obtaining Signature or SignatureOrSystem access.

Recommendations For Android versions prior to 4.4.4, update to version 4.4.4 or later. For Android 5.0.x versions prior to 5.0.2, update to version 5.0.2 or later. For Android 5.1.x versions prior to 5.1.1, update to version 5.1.1 or later. For Android 6.x versions prior to 2016-05-01, update to a version released after 2016-05-01.