Wei Jia

**Name of the Vulnerable Software and Affected Versions** Android versions 4.x through 4.4.4 Android versions 5.x through 5.1.1 LMY49G Android versions 6.x before 2016-02-01 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file. This is triggered by a large memory allocation in the `SoftMPEG4Encoder` or `SoftVPXEncoder` component. The vulnerability is caused by a buffer overflow in the libstagefright component of the Android mediaserver. **Recommendations** For Android versions 4.x through 4.4.4, update to version 4.4.4 or later. For Android versions 5.x through 5.1.1 LMY49G, update to version 5.1.1 LMY49G or later. For Android versions 6.x before 2016-02-01, update to a version released on or after 2016-02-01. As a temporary workaround, consider restricting the use of the `SoftMPEG4Encoder` and `SoftVPXEncoder` components until a patch is available.