CVE-2015-3842

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.1.1 LMY48I

Description The issue is related to multiple heap-based buffer overflows in the libeffects library of the Audio Policy Service in mediaserver. This allows attackers to execute arbitrary code via a crafted application. The exploitation of these overflows can enable a remote attacker to execute arbitrary code using a specially formed application.

Recommendations For Android versions prior to 5.1.1 LMY48I, update to version 5.1.1 LMY48I or later to resolve the issue. As a temporary workaround, consider restricting the use of the libeffects library in the Audio Policy Service until a patch is available.