CVE-2016-3861

Name of the Vulnerable Software and Affected Versions Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-09-01 Android versions 7.0 before 2016-09-01

Description The issue is related to the mishandling of conversions between Unicode character encodings with different encoding widths in LibUtils. This allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, resulting in a heap-based buffer overflow.

Recommendations For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-09-01, apply the September 2016 security patch or later. For Android versions 7.0 before 2016-09-01, apply the September 2016 security patch or later.