CVE-2015-3824

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.1.1 LMY48I

Description The issue is related to the MPEG4Extractor::parseChunk function in the libstagefright library, which does not properly restrict size addition. This allows remote attackers to execute arbitrary code or cause a denial of service due to integer overflow and memory corruption via a crafted MPEG-4 tx3g atom. The vulnerability can be exploited by sending specially crafted data in the MPEG-4 format, potentially leading to remote code execution or a denial of service.

Recommendations For Android versions prior to 5.1.1 LMY48I, update to version 5.1.1 LMY48I or later to resolve the issue. As a temporary workaround, consider restricting the use of the libstagefright library until a patch is available. Avoid using the MPEG4Extractor::parseChunk function in the affected library to minimize the risk of exploitation.