Anestisb

**Name of the Vulnerable Software and Affected Versions** Android 6.x versions prior to 2016-04-01 **Description** The issue exists due to the incorrect handling of Memory Management Control Operation (MMCO) data by the H.264 decoder in the libstagefright library of the Android operating system. This can be exploited by a remote attacker using a specially crafted media file, potentially allowing the execution of arbitrary code or causing a denial of service due to memory corruption. **Recommendations** For Android 6.x versions prior to 2016-04-01, update the operating system to a version released after 2016-04-01 to resolve the issue. As a temporary workaround, consider avoiding the use of the H.264 decoder in libstagefright until a patch is available. Restrict access to media files from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Android 6.x before 2016-03-01 **Description** The issue allows attackers to obtain sensitive information and bypass an unspecified protection mechanism via crafted Bitstream data. This can be achieved by exploiting errors in security settings, potentially granting access to confidential information or allowing the bypassing of protection mechanisms. **Recommendations** For Android 6.x before 2016-03-01, update the system to a version released after 2016-03-01 to resolve the issue. As a temporary workaround, consider restricting the use of libstagefright until a patch is available. Avoid using crafted Bitstream data in the affected system until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-03-01 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d parse islice.c and decoder/ih264d parse pslice.c. This is caused by a buffer overflow in the mediaserver component of the Android operating system. **Recommendations** For Android versions prior to 2016-03-01, update the operating system to a version released after 2016-03-01 to resolve the issue. As a temporary workaround, consider restricting the use of media files from untrusted sources to minimize the risk of exploitation.