CVE-2016-0803

Name of the Vulnerable Software and Affected Versions Android versions 4.x through 4.4.4 Android versions 5.x through 5.1.1 LMY49G Android versions 6.x before 2016-02-01

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file. This is triggered by a large memory allocation in the SoftMPEG4Encoder or SoftVPXEncoder component. The vulnerability is caused by a buffer overflow in the libstagefright component of the Android mediaserver.

Recommendations For Android versions 4.x through 4.4.4, update to version 4.4.4 or later. For Android versions 5.x through 5.1.1 LMY49G, update to version 5.1.1 LMY49G or later. For Android versions 6.x before 2016-02-01, update to a version released on or after 2016-02-01. As a temporary workaround, consider restricting the use of the SoftMPEG4Encoder and SoftVPXEncoder components until a patch is available.