CVE-2015-3829

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.1.1 LMY48I

Description The issue is related to an off-by-one error in the MPEG4Extractor::parseChunk function, which can lead to an integer overflow and memory corruption. This can be exploited by remote attackers using crafted MPEG-4 covr atoms with a size equal to SIZE MAX. The exploitation may result in the execution of arbitrary code or a denial of service. The vulnerability is associated with an integer overflow in the libstagefright library of the Android operating system.

Recommendations For Android versions prior to 5.1.1 LMY48I, update to version 5.1.1 LMY48I or later to resolve the issue. As a temporary workaround, consider restricting the use of the MPEG4Extractor::parseChunk function until a patch is available. Avoid using specially crafted MPEG-4 data that could trigger the vulnerability.