Harish Mahendrakar

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-08-01 **Description** The issue is related to the handling of invalid PPS and SPS NAL units in the decoder/ih264d api.c file within the mediaserver of Android. This can be exploited by remote attackers to cause a denial of service, resulting in a device hang or reboot, by using a crafted media file. **Recommendations** For Android versions prior to 2016-08-01, update the operating system to a version released after 2016-08-01 to resolve the issue. As a temporary workaround, consider avoiding the use of media files from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-07-01 **Description** The issue is related to errors in resource management in the decoder/impeg2d bitstream.c file of the Android operating system. It allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted application. **Recommendations** For Android versions prior to 2016-07-01, update the system to a version released after 2016-07-01 to resolve the issue. As a temporary workaround, consider restricting the use of the decoder/impeg2d bitstream.c file until a patch is available. Avoid using crafted applications that could exploit this issue until the system is updated.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-04-01 **Description** The issue is caused by multiple stack-based buffer underflows in the decoder/ih264d parse cavlc.c function of the mediaserver component in Android. This allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file. **Recommendations** For Android versions prior to 2016-04-01, update the system to a version released after 2016-04-01 to resolve the issue. As a temporary workaround, consider restricting the use of the mediaserver component or avoiding the use of crafted media files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-04-01 **Description** The issue is caused by a stack-based buffer overflow in the `decoder/impeg2d vld.c` function of the `mediaserver` component. This allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file. **Recommendations** For Android versions prior to 2016-04-01, update the system to a version released after 2016-04-01 to resolve the issue. As a temporary workaround, consider restricting the use of the `mediaserver` component to minimize the risk of exploitation. Avoid using the `decoder/impeg2d vld.c` function until the issue is resolved.