Sunblate

**Name of the Vulnerable Software and Affected Versions** Android versions 6.0 through 7.1.1 **Description** A remote code execution issue in Mediaserver could allow an attacker to cause memory corruption during media file and data processing using a specially crafted file. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process, affecting the libhevc library. **Recommendations** For Android versions 6.0 through 7.1.1, update to a version that includes the fix for this issue to prevent remote code execution. As a temporary workaround, consider restricting access to the libhevc library until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-11-01 **Description** A remote denial of service issue in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. **Recommendations** For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-11-01, update to a version released on or after 2016-11-01.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.x through 4.4.4 Android versions 5.0.x through 5.0.2 Android versions 5.1.x through 5.1.1 Android versions 6.x before 2016-06-01 **Description** The issue is caused by insufficient input validation in the `SampleTable.cpp` function of the `libstagefright` library in the `mediaserver` component. This allows remote attackers to cause a denial of service, resulting in a device hang or reboot, via a crafted file. **Recommendations** For Android versions 4.x through 4.4.4, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.2, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.1, update to version 5.1.1 or later. For Android versions 6.x before 2016-06-01, update to a version released after 2016-06-01.