CVE-2015-1539

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.1.1 LMY48I libstagefright (affected versions not specified)

Description The issue is related to multiple integer underflows in the ESDS::parseESDescriptor function of the libstagefright library in the Android operating system. This can be exploited by a remote attacker to execute arbitrary code using specially crafted ESDS data. The vulnerability allows for the execution of code via crafted ESDS atoms.

Recommendations For Android versions prior to 5.1.1 LMY48I, update to version 5.1.1 LMY48I or later to resolve the issue. As a temporary workaround, consider restricting access to the ESDS::parseESDescriptor function in the libstagefright library until a patch is available.