CVE-2015-3834

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.1.1 LMY48I libstagefright (affected versions not specified)

Description The issue is caused by multiple integer overflows in the BnHDCP::onTransact function of the libstagefright library in the Android operating system. This can lead to a heap-based buffer overflow, allowing a remote attacker to execute arbitrary code via a specially crafted application that uses HDCP encryption.

Recommendations For Android versions prior to 5.1.1 LMY48I, update to version 5.1.1 LMY48I or later to resolve the issue. As a temporary workaround, consider restricting the use of the BnHDCP::onTransact function in the libstagefright library until a patch is available.